Modern technology and the digital era have resulted in more personal data being shared, stored and processed than ever before, with the headlines regularly featuring stories on personal data breaches and the intentional, and unintentional, misuse of personal data.
The General Data Protection Regulation (GDPR), which came into force on May 25th 2018, is intended to give individuals more rights regarding how their personal data is used, and to ensure that organisations are transparent and accountable in how they use personal data.
Today, businesses process personal data for many different reasons, often on a daily basis: from databases containing customer information, to email marketing lists, and even applications for employment. No matter the industry or size of the organisation, the likelihood is that your business is processing personal data in some form, which means you need to be GDPR compliant.
Some key questions to ask yourself include:
- Do you know (and have you recorded) all types of personal data that you process, including where it is stored, how long it is stored for, who has access to it, and what your legal reason is for processing the data?
- Do you have a Privacy Notice and a Data Protection Policy in place?
- Do you provide training to employees on how to deal with personal data?
- Do you have a clear retention policy for personal data, and how do you ensure that data is securely deleted or destroyed when no longer needed?
- Do you know what to do in the event that someone makes a Subject Access Request?
- If you outsource any of your business functions, and this includes the sharing of personal data, do you have appropriate Data Processing Agreements in place?
- If you need to, have you registered with the Information Commissioner’s Office – the body responsible for enforcing data protection legislation in the UK?
You should be in a position to answer these questions, and more, depending on the nature of your business and the types of personal data you process.
Inspired Business Solutions offer cost-effective GDPR Compliance Packs to help you understand what your legal obligations are, and to help you ensure that you are meeting the requirements of legislation. Contact us to find out more.