
[08.12.2017]

Close up of a fingerprint on a keyboard, with text: 3 Stages to GDPR Compliance Part 1

Stage 1 – Awareness, Data Identification and Creating a Register

Getting ready for GDPR doesn’t have to be as confusing as it appears to be. Read our 3-part blog, designed to walk you through the stages so you don’t go crazy!

 

1 Awareness

Make sure that the relevant people in your business are aware of GDPR and the repercussions of not complying correctly.  This would probably be any stakeholders, decision makers and department heads.  Assign one person or a committee to take ownership of GDPR compliance.   Businesses over 250 in size will be obliged to employ a DPO (Data Protection Officer).

 

2 Identify Data

Assess what personal information you hold, where it came from and how you hold it. A proper review must be made here, as many businesses hold information in ways that they hadn’t realised. If your company is larger, then all department heads should be involved in this. Ascertain how much information is being held and whether employees are storing information they shouldn’t be. Privacy data could include:

 

  • Basic identity information including name, address and ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

 

3 Create a Data Register

Since your business will need to demonstrate its progress towards becoming compliant should there be any queries, you should create a Data Register. The Data Protection Agency (DPA) will be responsible for checking compliance and can impose hefty fines. The Data Register may be an important tool in proving the business’s journey towards compliance and should contain all the information outlined in Article 30. It might look something like this.

Once you have started steps in all these areas you will be making firm progress towards compliance.

Catch up with our next blog for the steps that follow as we head into Stage 2 of GDPR compliance.

 

 
