With any change like this comes a lot of scaremongering and false advice, leading to many companies taking drastic actions with their data and marketing. The first thing to do is breath!

GDPR is designed to make everyone more responsible for the personal information they hold and to give the individual more control over their data. In the long run it will improve relationships between businesses and their clients. Put the processes in now and in 6 month’s time you will wonder how you ever did things a different way.

The ICO issued a 12 step guidance to prepare for 25th May 2018 and it can be found on their website. In a summary these are:

1. Make sure key people in your organisation are aware of GDPR.
2. Document data you hold and what you do with it.
3. Review privacy notices and make changes where needed.
4. Review the 8 individual’s rights and make changes to procedures where needed.
5. Update your Subject Access Request procedures in line with GDPR.
6. Identify and document the lawful basis for your processing activity.
7. Review your consent mechanisms to ensure it is GDPR-compliant, or find an alternative to consent.
8. Obtain parental or guardian consent for processing children’s personal data.
9. Put procedures in place to detect, report and investigate a personal data breach.
10. Carry out a Privacy Impact Assessment (PIA) when necessary.
11. Designate someone to take responsibility for compliance and a Data Protection Officer (if needed).
12. Determine your lead data protection supervisory authority if you operate in more than one EU member state.

Credit – Content provided by Email Movers