The GDPR is now enforceable, and we have the new Data Protection Act 2018. All businesses, of whatever size, and whether you sell only to other businesses, consumers, or both need to be able to “demonstrate compliance” with these new provisions.

Action Points for Compliance:

• Invest time in conducting a thorough data mapping exercise.

• Consider where you are passing on data – where are the third parties and why is it being passed on?

• Consider your budget for a breach – are senior management/the board fully aware of their new responsibilities and the potential for financial penalties?
• Ensure all third parties that you deal with have a GDPR compliant contract governing the relationship/use of data.

• Is your business IT savvy enough to deal with GDPR?

• Are all policies GDPR compliant and have you considered risk assessments in relation to your work processes?

• Have staff (at ALL levels) been appropriately trained on GDPR and IT security? This should be carried out at least once a year.

• Does your business have a data cleansing plan?

• Do you have a data breach policy in place – are you ready to act and respond accordingly should there be a breach?

• Are you ready for Subject Access Requests?

• Protect your rep – do you have a social media policy/trade marks registered? How do you deal with managing your reputation following a breach?

• Remember that compliance with GDPR should be implemented and considered on a daily basis – compliance is an ongoing requirement not a one off task.

The commercial team at Bright solicitors advise on the latest developments on GDPR, data protection and privacy and are able to advise on how best to ensure compliance.