How is your business getting on with GDPR?
A few months have passed since the General Data Protection Regulation (GDPR) came into force and, although some organisations spent months preparing for the new law before the change, a number of businesses are still working towards closer compliance.
Every business should appreciate the importance of getting its procedures right: being fair and transparent will not only minimise the risk of a hefty fine from the Information Commissioner’s Office but is also likely to have a positive impact on your relationship with your customers. Below are a few tips for your organisation:
1. Appoint an internal GDPR officer: Smaller businesses are unlikely to be legally required to appoint a DPO (a data protection officer), but it is recommended to have a designated person who can lead organisational changes and to whom specific privacy issues can be referred internally. Such a person should ensure that they are familiar with the key obligations imposed by GDPR and, ideally, have a professional whom they can contact with any queries should they need to seek legal advice, for example in the event of a security breach or a data subject access request.
2. Review your privacy policies: Make sure you have up-to-date privacy policies explaining how you are collecting, storing and otherwise processing the personal data of your customers, suppliers and employees (including ex-employees, candidates, consultants and subcontractors). Are the policies clear and transparent about how and for what purpose you use personal data? You should ensure that the policies are regularly reviewed and are as specific to your organisation as possible. Generic or vague statements are unlikely to be GDPR compliant.
3. Monitor your security arrangements: Do you have organisational and physical security measures in place to ensure that any risk of personal data being accessed by unauthorised third parties is sufficiently minimised, e.g. a clean desk policy and locked cupboards? You should also regularly review your cyber security with your IT providers.
4. Make sure your marketing strategy is compliant: You should ensure that your marketing strategy is in line with GDPR requirements and, where you send electronic marketing information, with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended). Are you comfortable that, and can you demonstrate that, your customers have expressly consented to receiving e-marketing messages from you? Are you providing your customers with an option to unsubscribe? If a person opts out, do you have appropriate systems in place to ensure that the person is not contacted again, e.g. a suppression list?
There will be a number of other equally important matters for your business to consider and, if you are ever in doubt about your obligations, you should seek help from a professional.
Michelle Waligora
01895 207961
[email protected]
Wealth Management | Family Businesses | Wills, Trusts and Probate | Residential Conveyancing | Family | Employment | Personal Injury
For more information call 03456 381381 or email [email protected]
www.ibblaw.co.uk
hiyabucks.com