GDPR: the clock is ticking

With less than eleven months to go, organisations should be well on their way to ensuring they’re compliant for the 25th May 2018 deadline. Key to this is your project plan and process mapping.

It is key that those involved inform decision-makers on the impact of the GDPR and get consensus on importance and approach. Executive sponsorship will be critical in ensuring the project has the right gravitas within the organisation.

As part of your mapping you need to fully understand your personal data use and processing. Ask the following questions:

  • Where is personal data stored?
  • How secure is it?
  • Who has control?
  • Is it shared?
  • Do you hold data of non-UK EU residents?
  • Is data transferred across borders or outside the EEA?
  • Do you have a retention policy and do you know your third parties?

Identify personal data flows at this stage; any risks involved will need adequate safeguarding measures and processes. Identify activities that involve processing the data of data subjects in other EU member states, as these will fall fully within the GDPR.

Understand the legal grounds on which you currently collect and use data. In particular, examine how consent and legitimate interests are used as the basis for processing personal data and document these.

Review your IT systems and procedures. Check whether IT systems and organisational processes can cope technically with the new individual rights in a timely manner. Think about subject access requests, data portability, the right to be forgotten, recording objections or withdrawal from processing, and deletion of information.

You’ll need to design training for all staff, and specific training for individuals with data processing responsibilities following the introduction of new data protection policies and procedures.

This is just the start of the many stages required for compliance, and it's vital that your organisation understands the changes, enhancements and new regulations so that you can demonstrate your compliance in May 2018.

We run a detailed and thorough half-day update course which will take you through all the elements of the act, along with their impact on the HR and Payroll environments.


Ian Holloway

Payroll and Reward Consultant

7 years ago

This is quite good from Fair Data and outlines the four phases that employers should be considering: https://www.fairdata.org.uk/pdf/GDPR%20Compliance%20final%20timeline%20pdf.pdf


More articles by Ken Gurr FCIPP MILM
