Following the success of our third GDPR Seminar, and with the GDPR deadline looming (25 May 2018!), we wanted to share our key tips for getting up to date with the new GDPR regulations.
GDPR (the General Data Protection Regulation) is the biggest change in data protection law in over 20 years. It replaces the Data Protection Act (DPA), which came into effect in 1998; with the advance of technology and the arrival of social media, an update was due. As it is such a big change in the legal world, it is likely that this new legislation will be ‘tested’ by the regulator, the Information Commissioner’s Office (ICO). This highlights how significant it is for all businesses, big and small, to ensure they are compliant and are aware of the consequences of non-compliance. There are lots of resources out there; the ICO has created support pages specifically for SMEs.
GDPR is being introduced with the aim of giving everyone greater control over their personal data, and of creating a standardised set of principles for all firms that process and work with customer and employee data.
Below are our key practical steps that SMEs can take:
Inform your staff
Awareness is key with GDPR. It’s great if you already know the ins and outs of the impact and the changes, but you must also train and inform your teams, especially those that deal directly with personal information, whether that is client or employee data.
Adopt an effective online & offline filing system
If you don’t already have one, now is the perfect time to have a spring clean (it is officially spring) and get all your files and e-mail folders in order.
GDPR Data Map
Although this isn’t a specific requirement of the ICO, we recommend introducing a Data Map. We have found it to be an invaluable exercise: understanding where data comes from, where it goes and how it is used is so important. Please contact us if you would like any support with this.
Contact Third Parties
Completing a Data Map will highlight where data in your business is located. It is vital that you check with the third parties you use (IT, payroll etc.) that they too are compliant, and that the systems they use are compliant as well.
Update your Policies and Privacy Notice
Your internal policies (breach policy, fair notice policy etc.) will need updating. Do you have a Privacy Notice already? That too will need updating. Please get in touch if you would like more information on this.
All of the above are steps that can be taken to support your business in becoming compliant. The consequences of non-compliance are not pretty: hefty fines (up to four x the organisation’s global turnover) and even imprisonment.
Here at CitrusHR Consulting we are working closely with our clients to ensure they have the information they need from us. We are also offering an HR-specific GDPR Package for new clients. Please do get in touch with us at CitrusHR Consulting: call us on 0844 854 6704 or email us at firstname.lastname@example.org