It’s been seven years since GDPR landed in our lives, and for many organisations, the honeymoon period is well and truly over.
Here are seven practical tips to rekindle your GDPR compliance…
It’s still personal – even without a name, if someone can be identified from the data you hold, directly or indirectly, it’s personal data. Carry out a data audit to identify the extent of the personal data you hold.
“Just in case…” – holding on to personal data longer than needed creates unnecessary risk and can add complications when dealing with Data Subject Access Requests (DSARs) – the more you hold, the harder it is to locate relevant data. Set clear retention policies, stick to them, and carry out regular reviews to delete or archive data.
Policies and training – make sure both are in place and regularly refreshed. They ensure everyone understands their responsibilities and how to handle data correctly, and they reduce the risk of a breach.
Impact assessments – if you’re processing personal data without a clear lawful basis or skipping impact assessments where needed, you’re on shaky ground. Ensure they’re carried out and documented, and that processing practices are regularly reviewed.
“That wasn’t a DSAR…was it?” – informal or verbal requests still count. Delaying action because someone didn’t use the ‘right format’ could land you in hot water as the response deadline starts ticking from the point of the request. Train your teams to recognise DSARs and what process needs to be followed.
“Was that a breach?” – don’t wait and see. You’ve got 72 hours to report qualifying breaches to the ICO. Employees need to know how to spot and escalate issues, fast.
AI tools – chatbots and AI tools may feel shiny and new, but if employees input personal data without controls, it’s likely to be a breach. Have clear policies, training, and transparency in place as to your stance on using this tech.
We’ve got a host of solutions to support you to get your relationship with data protection back on track – toolkits, audits, training – get in touch if you’d like to find out more.
This update is accurate on the date it was published but may be subject to change which may or may not be notified to you. This update is not to be taken as advice and you should seek advice if anything contained within affects you or your business.