Why is GDPR crucial for your organisation?

No organisation can afford to assume that being GDPR compliant is not relevant to them. From the small business owner to the blue chip corporate, GDPR compliance needs structured implementation from a legal compliance perspective (e.g. GDPR and the Data Protection Act 2018), personal data protection systems in place (e.g. secure storage of personal data) and constant review (in line with any changes to legislation post-Brexit, for example) by an industry expert.

It is the last of these, the 'constant review', that we advise all organisations to focus on specifically if they are unsure of their current position. In order to stay GDPR compliant with the law, a business needs to constantly reassess its procedures and practices.

For example, when hiring new staff members, do you have procedures in place concerning your GDPR policies (e.g. training them on what personal data you process in the organisation and your compliant procedures for processing that data)?

Being GDPR compliant applies not only to electronic data but also, more crucially, to paper-based confidential data and documents. Often systems are not in place to securely process paper personal data. Most offices deal with a lot of paper documents, no matter how 'paper free' an office claims or tries to be. So if this is the case, what are some of the easy wins to stay compliant with GDPR?

SECURE STORAGE – Have systems in place to deal with confidential paper waste. All documents must be safely secured at all times when not in use by a company representative. Confidential Waste Bins, Secure Office Furniture and Lockers are all good on-site GDPR compliant methods for safely storing your organisation's personal data day to day. Secure document scanning and archive box storage are very secure methods for dealing with larger volumes of legacy paper personal data that has to be kept legally.

CONFIDENTIAL WASTE DESTRUCTION – Ensure you have a secure on-site document shredding service; we suggest a four-weekly service as a minimum. This is to ensure all documents with personal data are securely destroyed and you obtain the Certificate of Destruction (GDPR compliance document) from an approved contractor. Shredding on site yourselves is not GDPR compliant, as you cannot prove legally that you have securely destroyed your stakeholders' personal data!

ACCOUNTABILITY & TRAINING – Ensure anyone processing confidential waste for your organisation understands their legal obligations under GDPR. For example, leaving confidential documents on desks overnight, when contractors may have access to the building, would be a breach of GDPR.

COMPANY GDPR STANDARD – All organisations have a Privacy Policy and/or Health & Safety Policy. We suggest obtaining a Confidential Document Policy for your organisation, which details the flow of paper documents in your organisation, highlights any risks and details the actions needed. This should be displayed in your organisation and issued to all stakeholders.

The successful implementation of GDPR in your organisation can bring about many benefits from a compliance, cost, operational and marketing perspective. Unsure which stage of the GDPR journey your organisation is at? Contact CSRB Limited to arrange a free 1hr consultation with an industry expert.

#GDPR #Compliance
