On 25 May 2018, the General Data Protection Regulation (GDPR) came into force. There has been some confusion among companies about their responsibilities regarding the data they collect, store, manipulate and exchange. Here is a list of five things that your company should be doing.

  1. Audit your data.

    To ensure full compliance with GDPR, your business needs to know which data it has collected, where it is stored and how it is used. This is the “personal data” as defined under the regulations.

  2. Receiving consent.

    Overhaul how your business asks for personal information and how full consent is requested. This will mean updating contact forms, terms and conditions and your privacy policy.

  3. Full and timely access.

    One of the most important aspects of GDPR is being able to identify a piece of personal data that the owner has requested be deleted. This “right to be forgotten” is a fundamental part of GDPR and must be fully supported by your business.

  4. Security first.

    With such high fines for data breaches, upgrading data security across your business is critical to prevent the personal information you hold from being compromised.

  5. Do you need a Data Protection Officer?

    If your business or organisation routinely collects and processes “personal data”, you will need a Data Protection Officer (DPO). This is a sensible appointment, as your business will then have a central point of contact for GDPR.

Last reviewed 1 October 2018