Countdown to GDPR
23 May 2018
If you feel underprepared for GDPR going live on Friday, you’re in good company. We’re getting daily phone calls from firms who aren’t sure if they’re affected, and we’re being engaged to help firms become compliant after the deadline has passed.
However unprepared you are, there are a number of essential steps you can still take in the run-up to May 25th. And if you feel your preparations are going well, you may want to use these as a checklist.
- Make sure the firm is registered with the Information Commissioner’s Office (ICO). You can easily do this yourself via the online portal on the ICO website.
- Even if you’re not based in the EU, check if you’re affected. GDPR’s scope is wide, and if you’re just providing goods and services to, or in some way monitoring, EU citizens, you could be caught.
- If you need to comply, put someone in charge of data protection. This doesn’t have to be a data protection officer, but it’s important to have a point of contact for anyone wanting to get in touch about data protection issues.
- Be prepared for data subject access requests. These are now free and the processing time available to respond has shortened from 40 days to a calendar month.
- Check you have the bandwidth to cope. Even if you haven’t yet got a formal process for issues like data subject access requests, aim to design a method for dealing with them without too much impact on business as usual.
- Make a plan for becoming fully compliant as soon as possible. This is probably the most important step you can take at this point: as well as being a useful tool, the plan demonstrates that you’re taking GDPR seriously. Having a comprehensive plan in place may mitigate any instances of non-compliance.
Bovill is helping clients figure out how they’re affected by GDPR and working with them to develop and implement a plan. For more information on this, or to find out about our new GDPR healthcheck, get in touch.