GDPR Corporate Compliance
Liston Enterprises is pleased to announce its association with Go Live UK, experts in cyber security and data protection.
The General Data Protection Regulation (GDPR) is now in force. It is a legal framework that governs how personal data is collected and processed, and it replaces the 1995 Data Protection Directive.
GDPR affects every business and organisation that handles sensitive personal data as part of its work processes.
20 Key considerations in making your business GDPR compliant
1. Register with the Information Commissioner's Office (ICO)
The size of your company determines the annual fee. These fees fund the ICO's work.
2. Create an Information Asset Register (IAR)
The asset register lists all the software your business works with. The IAR helps you audit what personal information you are storing by creating a "map" of your data assets.
3. Create a Data Inventory
Prepare a Data Inventory of the types of data you process (your Privacy Notice gives examples of the data that may be processed). The inventory needs to be kept consistently up to date.
4. Consent to the processing of personal data for one or more specific purposes needs to be given. If one of your grounds for processing is Legitimate Interests, be sure to carry out a Legitimate Interests Assessment.
5. Create and review privacy policies
6. Data Protection Impact Assessment (optional)
A Data Protection Impact Assessment (DPIA) is a tool that helps the organisation identify and analyse how data privacy might be affected by particular actions or activities.
7. Cyber security network upgrade
As part of the upgrade, produce a document that describes the network structure and the devices used on it.
8. Subject Access Request form
You can no longer charge for data subject requests, and you must respond within 30 days.
9. Data Breach Procedure
Data loss must be reported to the ICO within 72 hours. You would then also be required to inform the people whose data has been compromised about what has happened.
10. Disaster recovery plan
Should a data breach occur, you need to have a disaster recovery plan built into your working procedures.
11. Working with children
GDPR contains new provisions intended to enhance the protection of children's personal data, in particular privacy notices and parental consent for online services offered to children.
12. Business insurance
Check that your business insurance covers the new and emerging risks faced by digital businesses complying with GDPR.
13. GDPR website upgrade
GDPR has a major impact on website design, which in turn affects how your website integrates with your other digital activity such as email marketing, social media and e-commerce.
14. Review your contracts
Organisations should review their existing contracts; any that involve personal data have to be redrafted in line with GDPR requirements.
15. Assign a Data Protection Officer or Administrator
The main role of the DPO is to make sure the organisation processes the sensitive personal data of its staff, customers, suppliers or any other data subject in compliance with the applicable data protection rules.
16. Awareness and training
A key element is focused, role-based training for staff who process sensitive data. Provide GDPR training for your employees.
17. Employee Data Protection Policy
18. Update employee documents
Your employee documents need to be updated for GDPR.
19. Systems for employee subject access requests
Ensure you have a process in place to deal with such requests, with appropriate templates both for the employee to make the request and for your reply.
20. Prepare a GDPR Statement
Every company that takes the new data protection regulation seriously should inform its clients about the changes and the areas covered by the new legislation.