From our IT Partner NSN
GDPR – First steps.
Inform decision-makers on the impact of the GDPR and get consensus on importance and approach.
Conduct a data mapping exercise to fully understand your personal data use and processing. Ask the following questions:
Who is accountable for data streams within the organisation?
Understand the legal grounds on which you currently collect and use data.
Review your IT systems and procedures.
Review staffing requirements for data protection compliance.
Consider appointing a Data Protection Officer (DPO), mandatory for some organisations but useful for all.
Focus on certified accountability of the organisation for data privacy.
Prioritise compliance activity and remedial measures on areas with highest risk and most significant impact.
Conduct Data Protection Impact Assessments (DPIA) for new activities.
Review and strengthen technical and security measures, specifically the use of encryption techniques.
Prepare for data breach notifications.
Set up internal procedures/strategy for data breach identification.
Integrate privacy by design and default, collect the minimum amount of information and consider privacy from inception of the product, service or project.
Review and update privacy policies and notices.
Special consideration should be given to privacy policies.
We understand that this is a lot to take on all at once, so here is a mind map we created on our own GDPR journey here at NSN. We hope you find it helpful. For more information or guidance on your GDPR journey, please contact me directly.
Contact our IT partners NSN on 0800 054 6200 or HERE