GDPR priorities as May draws ever nearer
GDPR compliance needs to be high on everyone's agenda until the regulation comes into effect on 25th May 2018.
Alarmingly, recent research on behalf of the government showed that only 38% of UK companies were aware of the GDPR and, of those, only about 25% had made a start on their GDPR compliance project!
If you are just starting your GDPR compliance work, it’s very unlikely that you’ll be fully compliant by the deadline, but you still need to take steps to prove you're making an effort to comply.
Key things to consider:
SLT awareness and attention – convince your SLT that GDPR is a top priority, and ensure a senior manager is accountable for GDPR work and for providing the necessary resources.
Roles and responsibilities – it will need more than one person at this late stage.
Training – make sure those responsible for the work are competent to implement GDPR.
Privacy notices – they need to be displayed, or at the very least signposted, to data subjects wherever you capture data.
Incident response and breach reporting – implement procedures and educate staff on what constitutes a data breach to ensure the whole organisation follows procedure should you be breached.
Security measures – protect the data you hold by taking security seriously.
Subject access requests (SARs) – update your procedure for SARs so that you are ready to handle one under GDPR – remember, you will only have 30 days to respond!
Staff awareness – it’s vital that your staff are aware of the GDPR basics, and the issues that are most likely to bring about breaches.
Delete any data that is no longer legally required – if you don’t have a lawful reason to keep it, remove it.
Addressing these issues is an effective way to begin your GDPR compliance work, and is likely to help minimise any penalties should you experience a data breach.