How to prepare for GDPR?
With only 3 months to go until you need to be GDPR compliant, how prepared are you and your business?
The ‘GDPR’ wheels must be in motion before Friday 25th May, otherwise your business could be faced with hefty fines. For many, GDPR is one of those things on people’s to-do lists that’s struggling to make it to the top. However, with time running out, it’s time it did.
Whether you’re putting it off because you simply don’t understand what to do or have a vague understanding but aren’t sure how to start preparing for it, Fabulous Marketing are on hand to help you every step of the way. We can help put your mind at ease and make what might feel like the impossible, possible. We recognise that there is a lot of work involved to ensure you are compliant and the sooner you make a start, by contacting us, the better.
We have prepared a list of tasks that it is essential you carry out in order to be GDPR compliant. The following tasks will help you gain a better understanding of how much work you need to carry out and to what extent you are already compliant.
Carry out an audit trail of your data
- What personal data do you hold?
- Where did the personal data come from?
- Where is the personal data stored?
- Who do you share personal data with?
These are really important questions to ask and a great way to start preparing for GDPR. Essentially, you are mapping out all of the personal data you hold so that you can easily work out how you need to move forward with it.
Amend your privacy notice
With a privacy notice already in existence, this is quite an easy step to address. GDPR requires the information in your privacy notice to be explained in a concise, clear and easy-to-understand manner, and moving forward it must outline the following information:
- Your lawful basis for processing data – how you are going to use personal data and why?
- Data retention periods – how long will you keep the personal data on record for?
- The individual’s right to complain to the ICO (Information Commissioner’s Office) if they believe there is a problem in the way you are handling their data.
Consider how you gather consent
The new GDPR guidelines state that organisations must gather explicit consent from individuals to be able to hold their personal data. A good place to start is to look at your current processes for gathering data and see how they fit in line with the new guidelines. Once you have done this, you will know whether it’s simple enough to amend your existing process or easier to begin from scratch.
- Consent must be freely given, specific, informed and unambiguous
- There must be a positive ‘opt-in’ – it can’t be inferred from silence, pre-ticked boxes or inactivity
- Consent must be separate from other Terms and Conditions
- Withdrawing consent must be simple
At this point it is worth considering doing a ‘re-engagement’ campaign – an email to recapture people’s data and explicit consent. This will result in a much cleaner database, filled with individuals that want to be connected with your organisation rather than those that don’t.
Recording your processes
You should make sure you have the right procedures in place to detect, report and investigate a data breach. A data breach is classed as the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data transmitted, stored or otherwise processed. If you are able to evidence your procedure, this will really help you. If a security breach does occur, you have 72 hours to notify the individual. Documenting the procedure will also benefit all other employees so they know how to deal with such a situation.
Fabulous Marketing can help you prepare for GDPR
Fabulous Marketing can help you with any number of these steps, so don’t hesitate to call us and find out how we can support you with preparing for GDPR. The sooner you get started, the better. It’s important to begin making progress so that it is evident you are aware of the importance of being GDPR compliant. Call us on 0800 112 0880 or email email@example.com.