Planning and prioritising ahead of the GDPR deadline
- AuthorMatt Rowley
Implementation of the General Data Protection Regulations (or ‘GDPR’) and the Data Protection Bill 2017 mean new rules concerning the storage, handling and use of data come into force in May next year. With a focus on giving individuals more control over their personal data and limiting how and why organisations store and use all types of personal information about individuals, this new legislation is a big step up from the current data protection regime. The range of information covered is extensive and includes data about employees, prospective job candidates, suppliers, contractors and, of course, your customers and prospective customers.
For many organisations, the new requirements will not necessarily be onerous but will require some planning and documentation to take place in advance of the May deadline – so it is important to act now. We are running a series of seminars providing practical guidance on the planning and documentation you need to put in place in advance of the May deadline. Topics covered will include:
- Picking the best people to fulfil the necessary roles
- Developing systems for efficiently auditing and recording the types of personal data you hold or process, where it is held (including considerations for dealing with ‘informal’ or ‘shadow’ storage) and why
- Prioritising what internal processes or documentation need to be changed and by whom
- Ensuring appropriate permissions are in place from customers, employees and others about the processing of their personal data
- Educating line managers and staff to recognise what is personal data, particularly sensitive data, and how to handle this appropriately
- Putting in place processes to deal with individual requests about personal data records and potential ‘data breaches’
- Methods for ensuring that all aspects of your operation are developed with consideration of the storage and handling of data through ‘data impact assessments’
- Considerations for dealing with third party contracts including some basic contract terms, tendering processes and businesses outside the European Economic Area (EEA)
Whether you are a business owner, a director, a senior manager or have specific responsibilities for compliance in your organisation, these seminars are designed to provide a practical framework that you can implement in the months leading up to the GDPR deadline.
Our next events:
What GDPR means for HR and employers - Scarborough - Wed 6th December 2017. More details and to book.
What GDPR means for those responsible for compliance in their organisation - York - Tuesday 19th December 2017. More details and to book.
What GDPR means for those responsible for compliance in their organisation - York - Tuesday 16th January 2018. More details and to book.