Are you ready for the introduction of GDPR in three weeks? Jennifer Bell of law firm CG Professional offers 10 top tips
With 25 May only a few weeks away, you will no doubt have heard about the imminent General Data Protection Regulation (GDPR).
Your inbox is likely to be overflowing with information on the nuance and detail of the regulations and, if you are a third-party provider of services, customers are no doubt seeking confirmation of your GDPR strategies and looking to update any contracts with you to ensure that they are compliant.
If you haven’t yet hit your breaking point, you may well be on the verge! However, fear not, there is still time to act and implement the necessary changes.
– Set some time aside to fully understand why you collect and hold personal data and also how it is collected. You may need to speak to several people to do this, but it is the first step. GDPR requires you to explain to individuals how their data is used, and you can only do this properly if you understand yourself why you collect and hold it
– Dust off your privacy notices and update them to include the information needed under GDPR. Remember though, when doing so:
    – Use clear and straightforward language. Avoid confusing terminology and legalistic language
    – Keep it short and to the point
    – Set it out in a clear and structured way
– Review your consent practices. Requests for consent must be transparent and cannot be hidden among small print. Businesses that are reliant on consent must be able to prove how they obtained it after GDPR comes into effect
– Make sure you have the right procedures in place to detect, report and investigate a personal data breach
– Assess how long you hold data for and how you secure it. Consider if you need to hold it and whether you're holding it for longer than you need to
– Review your standard terms and conditions and supplier contracts to ensure they meet the necessary additional requirements
– Carry out due diligence on your suppliers to check they are GDPR compliant. Obtain guarantees from them and give yourselves the right to audit their policies and procedures
– Check to see if your insurance policies will cover data protection and security breaches including any breaches of your suppliers
– If you’re a supplier of services, review any proposed contract changes that a customer may require, to ensure that you’re not in breach of them, and be aware of any indemnities that may be sought from you
– Keep records of what you are doing so that you can evidence your compliance
For further information on GDPR, terms and conditions or contracts for services speak to Jennifer Bell at Jennifer.bell@cgprofessional.co.uk or 07919 414758.