Steps towards compliance
The GDPR brings fundamental changes to the data protection compliance regime and is “the biggest thing to happen in the privacy arena in 20 years” (Lisa Sotto, Hunton & Williams).
The Information Commissioner is developing a Toolkit to help controllers and processors move towards compliance with the new regime.
The steps towards compliance are:
- Understand the new era of compliance
- Know Your Data - map the 5 W's of personal data
- Improve practice
Businesses should start to review and analyse:
- The personal data being processed
- What actually happens across the business – consult both senior management and front-line staff about how personal data is obtained and used
- All documentation, fair processing information, website information, policies and procedures, staff awareness etc. that relate to compliance with the existing data protection legislation
- The current governance and security arrangements
- The retention of personal data (including archives)
- How the business manages the exercised rights of individuals, such as subject access requests, withdrawal of consent and opt-outs from marketing