hiya bucks Amersham, Beaconsfield, Chesham, Gerrards Cross, Missenden November 2018 | Page 30

How is your business getting on with GDPR?

A few months have passed since the General Data Protection Regulations (GDPR) came into force and, although some organisations spent months preparing for the new laws before the change, there are a number of businesses which are still working towards closer compliance. It is important for every business to appreciate the importance of getting its procedures right, as being fair and transparent will not only minimise the potential risk of a hefty fine from the Information Commissioner's Office but is also likely to have a positive impact on your relationship with your customers. Below are a few tips for your organisation:

1. Appoint an internal GDPR officer: Smaller businesses are unlikely to be legally required to appoint a DPO (a data protection officer), but it would be recommended to have a designated person who can lead organisational changes or to whom specific privacy issues can be referred internally. Such a person should ensure that they are familiar with the key obligations imposed by GDPR and, ideally, have a professional whom they can contact with any queries should they need to seek legal advice, for example, in the event of a security breach or a data subject access request.

2. Review your privacy policies: Make sure you have up-to-date privacy policies explaining how you are collecting, storing and otherwise processing the personal data of your customers, suppliers and employees (including ex-employees, candidates, consultants and subcontractors). Are the policies clear and transparent about how and for what purpose you use personal data? You should ensure that the policies are regularly reviewed and are as specific to your organisation as possible. Generic or vague statements are unlikely to be GDPR compliant.

3. Monitor your security arrangements: Do you have organisational and physical security measures in place to ensure that any risk of personal data being accessed by unauthorised third parties is sufficiently minimised, e.g. a clean desk policy and locked cupboards? You should also regularly review your cyber security with your IT providers.

4. Make sure your marketing strategy is compliant: You should ensure that your marketing strategy is in line with GDPR requirements and, where you send electronic marketing information, with the Privacy and Electronic Communications (EC Directive) Regulations 2003 (as amended). Are you comfortable that, and can you demonstrate that, your customers have expressly consented to receiving e-marketing messages from you? Are you providing your customers with an option to unsubscribe? If a person opts out, do you have appropriate systems in place to ensure that that person is not contacted again, e.g. a suppression list?

There will be a number of other equally important matters for your business to consider and, if you are ever in doubt about your obligations, you should seek help from a professional.

Michelle Waligora
01895 207961
[email protected]

Wealth Management | Family Businesses | Wills, Trusts and Probate | Residential Conveyancing | Family | Employment | Personal Injury

For more information call 03456 381381 or email [email protected]
www.ibblaw.co.uk