The General Data Protection Regulation UK Spelling | Page 13

Legal basis for processing personal data
You should look at the various types of data processing you carry out, identify your legal basis for carrying it out and document it.
Consent
You should review how you are seeking, obtaining and recording consent and whether you need to make any changes.
Data breaches
You should make sure you have the right procedures in place to detect, report and investigate a personal data breach.
Data Protection by Design and Data Protection Impact Assessments
You should familiarise yourself now with the guidance the ICO has produced on Privacy Impact Assessments (PIAs) and consider how to implement them.
Data Protection Officers
You should designate a Data Protection Officer, if required, or someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements.
International
If your organisation operates internationally, you should determine which data protection supervisory authority you come under.
Extracts from Information Commissioner’s Office, Preparing for the General Data Protection Regulation (GDPR) 14/3/16, licensed under the Open Government Licence.