The world of GDPR is scary, complex and is a HOT topic right now.

Many businesses have been left confused and terrified by all of the content that is being published in the media and across the internet. There is so much information, free downloads, questionnaires that we are not surprised that the business world is going into panic mode.

But we shouldn’t be afraid of GDPR. It’s not there to damage or ruin relationships with consumers. It’s to protect consumers. At the end of the day we are all consumers, so it protects all of us.

The GDPR mystery solved:

  • GDPR is all about data collection, data management and data storage.
  • The 25th of May was the beginning, not the end.
  • GDPR is not a one-off project; management and maintenance are key.
  • The best defence is to go on the offence. Take action.

Here are my top 10 tips to get you thinking about GDPR:

  1. Only collect and process data that you need for your business. Do not collect data that’s “good to have”.
  2. Make sure that you know the lawful bases for processing personal data and document them. We’ll post a blog in the coming weeks on this!
  3. Keeping data for a set period of time is crucial from a PI point of view.
  4. If you have 3rd parties that have access to or process clients’ personal data, make sure that you have a data processing agreement in place with them and make sure you’re familiar with their privacy policy. You are responsible for how they manage this data too.
  5. Treat your employees’ personal data the same as client data. Create a policy that states how it will be managed and handled.
  6. Review your privacy policy and publish it on your website. Don’t have one? Create one. Make sure it outlines and fulfils GDPR requirements: explain how, where and what you do with client data.
  7. Where is your data stored? You need to be able to access client data, change it and delete it if requested. You need to be able to move data from one IT environment to another.
  8. Make sure you have the security levels required, e.g. laptop encryption, passwords changed every 90 days, email encryption, firewalls.
  9. Do you know how to identify, manage and resolve a data breach or a subject access request? You need to respond within 48 hours and resolve within 90 days.
  10. Don’t panic.

The 25th of May is not a DEADLINE, it’s only the beginning.

This is not Y2K – GDPR will not wash over. Think of this like the start of the smoking ban!