GDPR Checklist – What must you do before 25 May 2018?
The General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. With little more than two months to go before the new regulation applies, do you understand how your rights and obligations will change in relation to the handling of personal data? Is your business prepared for those changes?
What is the GDPR?
From 25 May 2018, the way you, as a business, collect, store and use personal data will be subject to additional scrutiny.
All businesses should now treat data protection compliance as a commercial necessity: non-compliance could mean a substantial fine (for the most serious infringements, up to €20 million or 4% of worldwide annual turnover, whichever is higher), whatever the size of your business.
Checklist: what can I do now to comply with the GDPR?
Businesses should start preparing for the GDPR immediately. Read our checklist on what you can do now.
- Read the GDPR and ensure you understand what is required.
- Consider appointing one of your management team to oversee compliance (in some cases appointing a Data Protection Officer will be mandatory) – but if you do, ensure that he or she reports to the board or business owners regularly.
- Audit your data. This is an onerous exercise: do not underestimate it. You will need to be able to identify what counts as “personal data”, then find out what personal data you hold, where it came from and who you share it with.
- Review how you collect information. Is it by website cookies? By email? Through your contracts?
- Review how you manage your data storage (and where it is stored).
- Document these processes.
- Check whether you are allowed to keep the data. You will have to be able to justify why you have it and identify your lawful basis for processing it: the customer’s consent is one possible basis, but not the only one, and if you rely on consent it must be freely given, specific and recorded.
- Review your privacy policies and notices. Do they need to be changed?
- Train your employees on the data protection laws and ensure they understand why data protection is so important for you and your customers.
- Review your systems’ security arrangements. The GDPR requires security measures “appropriate to the risk”, and gives encryption, pseudonymisation and regular testing of those measures as examples. Are access controls, patching, encryption and monitoring adequate for the personal data you hold?
- Train your employees on the risks of cybercrime and how to avoid it. Give refresher courses on a regular basis.
- If a customer asks you to delete or remove their personal data from your records, and no exception applies (for example, a legal obligation to retain it), do so without undue delay. Set up a system for doing this. Ensure someone within your business has responsibility for this task.
- Review data regularly. If you don’t need it, delete it.
- The GDPR will affect how you handle your digital marketing. Work closely with your marketing team to ensure compliance.
- Have you prepared for a cyber attack? A personal data breach that is likely to result in a risk to individuals must be reported to the Information Commissioner’s Office (ICO) without undue delay and, where feasible, within 72 hours of your becoming aware of it, so you need a plan for detecting, assessing and reporting incidents before one happens.
This checklist first appeared in our Guide to the General Data Protection Regulation which you can download here.
How can we help?
We have a team of experts with specialist knowledge on the GDPR. We can guide you through the requirements of the new regulation and how to implement them.
- Click here for our GDPR webpage.
- We recently held a seminar on the GDPR. If you would like a copy of the handout, please contact Keith Kennedy.
- You can also read our blog: Businesses still in the dark about GDPR.
To discuss the effect of the GDPR on your business, contact:
- Keith Kennedy, Partner, Corporate and Commercial, by email, Keith.Kennedy@pearsonlegal.co.uk, or on 0161 684 6942; or
- Ruth Smith, Consultant, Corporate and Commercial, by email, Ruth.Smith@pearsonlegal.co.uk, or on 0161 785 3500.
Please note that the information and opinions contained in this article are not intended to be comprehensive, nor to provide legal advice. No responsibility for its accuracy or correctness is assumed by Pearson Solicitors and Financial Advisers Ltd or any of its members or employees. Professional legal advice should be obtained before taking, or refraining from taking, any action as a result of this article.