Step 1 Discover and identify:
Step 2 GDPR Policy and Procedures review:
Step 3 Action & Security controls
Step 4 Awareness & Training
Step 5 Communicating & Communications
Step 6 Obtaining Data & Consent
Last but not least, obtaining data and consent is an earth-shattering change for organisations, as it impacts how we communicate and market the business. The opt-out option is no longer an option. Instead, you must use the double opt-in principle, with no conditions of service attached.
How to obtain consent:
|Consent must be|Must not be|
|---|---|
|√ Clear statement and affirmative action|× Pre-ticked boxes|
|√ Freely given|× A condition of receiving service|
|√ Fairly processed|× Confusing language|
|√ Easy to withdraw| |
By incorporating the 6 steps into your policies, project management and data activity, you will hit every milestone on the road to GDPR compliance in Spring 2018.
This is when it becomes even more complicated. Under GDPR, each organisation is held accountable for data management. What’s more, you are expected to be self-regulating. The burden of proving you are following the directive lies with your company’s Data Handler, not with the external auditors.
Under the banner of accountability, the roles and responsibilities for handling staff and client data should be managed by a ‘named’ person.
The accountable person must have in-depth GDPR knowledge, provide support to staff and policy makers, and hold the authority to make relevant decisions. There are 3 options to consider for managing accountability:
As always, there are exceptions to the rule. You have no option but to appoint a DPO if you are a:
As a digital agency handling data every day, we can’t stress enough how important getting GDPR right first time is for your organisation and, above all, for anyone you hold personal data records on.
Talk to a legal expert as soon as possible. If time is against you and the experts are busy talking to your competitors, you face costly penalties and risk damage to your reputation.
To carry out your organisation’s data mapping exercise or discuss GDPR requirements, contact Alistair Macneil today on 0141 249 0641 or email@example.com
If you are looking for legal advice to update privacy and data policies, get in touch with the experts at MacDonald Hendersons.