With less than a month to go until data protection law changes and the General Data Protection Regulation (GDPR) comes into force, businesses are running out of time to achieve compliance before May 25th.
The Federation of Small Businesses (FSB) has produced a GDPR checklist to help businesses comply with the impending regulation.
FSB Preparation Checklist (Source: FSB):
- Audit time
Do an internal audit to determine what data you have, how you use it and where the data goes.
- Get aware
Familiarise yourself and your staff with GDPR and how it will impact your business. Make sure your procedures deliver the rights it gives individuals.
- Record it
Make sure all your data security, handling and processing arrangements are set out in written policies or procedures. Be sure to update regularly.
- Delete it
Make sure you safely and securely delete any data you don’t need or use.
- Keep it under lock and key
Make sure your systems store personal data properly and securely.
- Give me access
Prepare a plan or policy for handling subject access requests to make sure you are ready if someone asks to see their data that you hold.
- Secure it
Prepare a security framework and an emergency preparedness plan that outlines how personal data is handled and what to do in a breach.
- Policy review
Review and amend your privacy policies for your customers and suppliers.
- Consent review
Review how you seek, record and manage consent and whether you need to make any changes. People must be able to opt in and have an easy way of opting out.
- Choose a lead
If you can, designate a dedicated data protection staff member who takes responsibility for data protection compliance.
- Age matters
If your business is children-facing, make sure you put systems in place to verify individuals’ ages and obtain parental or guardian consent when needed.
- Cross-border processing
If you work across borders, find out who your main supervisory authority is and keep this information accessible.