Action Points for GDPR Compliance:
• Invest time in conducting a thorough data mapping exercise.
• Consider where you are passing on data – where are the third parties and why is it being passed on?
• Consider your budget for a breach – are senior management/the board fully aware of GDPR?
• Ensure all third parties that you deal with have a GDPR-compliant contract governing the relationship/use of data.
• Is your business IT savvy enough to deal with GDPR?
• Are all policies GDPR-compliant and have you considered risk assessments in relation to your work processes?
• Have staff (at ALL levels) been appropriately trained on GDPR and IT security? This should be carried out at least once a year.
• Does your business have a data cleansing plan?
• Do you have a data breach policy in place – are you ready to act and respond accordingly should there be a breach?
• Are you ready for Subject Access Requests?
• Protect your rep – do you have a social media policy/trade marks registered? How do you deal with managing your reputation following a breach?
• Remember that compliance with GDPR should be implemented and considered on a daily basis rather than just ensuring that you are complying prior to May 2018!
The commercial team at Bright Solicitors advise on the latest GDPR developments and on how best to ensure compliance.