Changes to the General Data Protection Regulation (GDPR) are coming. In fact, they’re due to be enforced on 25 May. Are you ready? The Turner Little team has put together 12 steps you should take right now to make sure you’re prepared.
-
Promote awareness
Are all of the key people in your business aware that the data protection law is changing to GDPR? Depending on the size of your business, you must make sure everyone understands what it means and what they must do. It’s imperative that every decision maker in your company understands and appreciates the impact that GDPR will have.
-
What info do you have?
Document all the personal data your business holds. Include where it came from and who you share it with. To do this effectively, you should hold an information audit, and work through the steps carefully. You must be able to present all the info you hold and prove where it came from and where it goes.
-
Review privacy
What are your business’s privacy notices? It’s time to review them thoroughly and put a plan together for making the necessary changes to how you communicate privacy information in time for GDPR implementation.
-
Rights for individuals
Your procedures must cover all the rights individuals have concerning their data. This includes how you would go about ensuring personal data is deleted, as well as how you provide data electronically.
-
Plan access request timings
Your company must update its procedures for handling subject access requests. Plan how these requests will be managed within the new timescales.
-
Processing personal data
You must work out the lawful basis for your business’s personal data processing activity, document it and update your privacy notice to explain it thoroughly.
-
How do you seek consent?
Review how your company seeks, records and manages consent and decide whether you need to implement changes. Refresh your existing consent procedures now if they don’t meet the GDPR standard.
-
Age-based systems
Decide now whether you need to implement specific systems to verify the age of individuals. Include how you would obtain consent from parents or guardians for data processing activity.
-
Breaches of data
You must have the correct procedures in place to find, report and investigate any personal data breaches.
-
Legislation
Familiarise yourself with the ICO’s code of practice on Privacy Impact Assessments, and the guidance from the Article 29 Working Party. When you understand them, decide how and when you will implement them in your business.
-
Data Protection Officers
Someone must take responsibility for compliance in this area. You must work out where this role should sit within your company structure and governance arrangements. Research whether you must formally appoint a Data Protection Officer.
-
International processing
If your business operates in more than one EU member state (this could mean you carry out cross-border data processing) then you must find out who your lead data protection supervisory authority is. See the Article 29 Working Party guidelines for help with this.
If you need assistance in determining whether your business is ready for the data protection changes, contact the team at Turner Little.
About Turner Little
Founded in 1998 in Yorkshire, UK, Turner Little is a specialist UK and offshore company formation, banking and corporate services provider. Our services include company formation, UK and offshore banking, asset protection, credit correction/repair, trademarking and trusts. Other services include Internet services, mail forwarding, wills and probate. Turner Little’s vision is to offer the best possible service, together with market leading products.
