The magazine for Aycliffe Business Park | 15
Paul Humble ( left ) and Ben Healey of Aycliffe law firm Greystone Legal .
GDPaaRRRgh !
25 May 2018 should by now be burned into every business owners ’ mind ! While many employers have policies and procedures in place , a surprising number of businesses are still to turn their attention to compliance with the new regulations .
Greystone Legal are assisting local businesses with cost-effective solutions to help them on their way to GDPR compliance .
If you still need to get your act together , Greystone Legal have put together some useful pointers .
Our seven steps to creating a Data Protection Policy :
1 . Decide whether you process personal data , almost every business does . Remember , personal data is anything which can be used to identify an individual – whether that ’ s in writing , on a computer – even a photograph or video footage .
2 . If you hold or process personal data then you must register with the Information Commissioners Office – for smaller businesses it is only £ 35.00 – go to ico . org . uk / for-organisations / register /
3 . Work out what data processing activities you undertake e . g . customer contact details , email marketing , employee details etc .
4 . For each data processing activity you carry out , identify the personal data you hold e . g . names , email address , IP addresses etc . Remember to consider whether the personal data is absolutely necessary – for example , do you really need that date of birth to conduct your email marketing ?
5 . Once you have identified the data process and the personal data for that process , you should then consider the lawful basis that allows you to process the personal data . If there is no lawful basis , you must not hold or process personal data . This ICO guide can help - https :// ico . org . uk / for-organisations / resourcesand-support / getting-ready-for-the-gdprresources / lawful-basis-interactiveguidance-tool /
6 . You should put the above information together into a Data Protection Policy . You should make sure it addresses : Data Retention , Data Security , Rights of Data Subjects ( how will you deal with the right to be informed , access , rectification , etc .)
7 . Make sure people are aware of your policies . How will you communicate them to staff and data subjects ?
TEMPLATE PACKAGE We shall provide the following templates for you to complete to help ensure your business is GDPR compliant > Data Protection Policy > Data Processing Agreement > Data Retention Policy > Employee Data Processing Policy and Contract Clause > Website Privacy Policy > Cookie Policy Plus 30 minutes legal advice call with a solicitor £ 395 + VAT
BESPOKE PACKAGE We shall provide the following documentation bespoke to your business requirements : > Data Protection Policy > Data Processing Agreement > Data Retention Policy > Employee Data Processing Policy and Contract Clause > Website Privacy Policy > Cookie Policy Includes specialist advice and documents prepared based upon the specific requirements of your business FROM £ 695 + VAT
Greystone Legal can provide advice , assistance and representation in respect of the full range of employment and commercial law issues . If you wish to discuss any employment or commercial law issues you can contact Greystone Legal on 01325 787007 or email info @ greystone . legal