GDPR (General Data Protection Regulation) sets out legislation to protect your personal data. Businesses will have until the 25th May 2018 to become compliant with the new regulations.
Data Protection Legislation is relevant to all areas in which a business processes its personal data, including that of employees, customers, suppliers, contractors, agency staff and website users.
The data relating to employees does not just mean the data on the employer’s personal record system but also relates to CCTV usage, computer log-ins, website usage, phone calls made and received, emails sent and received and so much more.
GDPR requires you to comply with a set of principles for processing personal data. A starting point is to ensure that you comply with the current Data Protection Regime.
The volume of information available around GDPR makes it very daunting for those who need to plan for change, and it is difficult to see the wood for the trees. However, the ICO (Information Commissioner’s Office) has provided a very useful paper entitled “Preparing for the General Data Protection Regulation”.
This paper provides a useful 12-step process to take now to help make sure you are GDPR compliant:
- Awareness: Being aware of the changes to GDPR
- Information you hold: Where it came from and who to share it with
- Communicating privacy information: Review your current notices
- Individuals’ rights: Check your procedures
- Lawful basis for processing personal data: Identify the lawful basis for your processing activity in GDPR
- Consent: Review how you seek, record and manage consent
- Children: Do you need to put systems in place to verify ages and to obtain parental or guardian consent for data processing?
- Data breaches: Check and re-check your procedures
- Data protection by design and data protection impact assessments: Check the ICO’s code of practice
- Data protection officers: Designate someone to take responsibility
- International: Do you operate in more than one EU member state?
For more information around the above steps it is advisable to check out the ICO’s website here: https://ico.org.uk/for-organisations/resources-and-support/data-protection-self-assessment/getting-ready-for-the-gdpr/
If you require any advice with regard to preparations for the GDPR as an employer, please contact Elaine Goodwin on 01782 262031 or email Elaine.Goodwin@tinsdills.co.uk