Home / Media Centre / Blogs / 10 Steps to get GDPR ready

10 Steps to get GDPR ready

Posted onJanuary 2018
Share this article
- Share this article on twitter
- Share this article on linkedin

LCF Law Solicitors | Bradford, Leeds, Harrogate, Ilkley | GDPR | Image of a keyboard In May 2018 the General Data Protection Regulation (GDPR) will come into force, increasing the regulations surrounding the collection and processing of personal data. The GDPR will also greatly increase the potential sanctions for non-compliance. Here are ten top tips to help you prepare for GDPR compliance:

One - Awareness

Ensure key people in your business - across IT, personnel, operations, marketing and elsewhere - are aware of GDPR and the impact that this will have on your business.

Two - Review Information

Undertake an "information audit" to document the personal information that you hold, including how it was collected and with whom it is shared.

Three - Update Privacy Policies

You will need to update and enhance your written privacy policies and notices. For example, you now need to identify in those notices the basis on which you process personal data, and any data retention periods.

Four - New Rights and Subject Access Requests

Individuals have new and enhanced rights in respect of their data. You should ensure that you have systems in place that allow you to swiftly locate all personal data you hold, so that you can respond to detailed subject access requests within the new (shorter) timescales, and if necessary to delete that data.

Five - Lawful Basis of Processing and Consent

You need to consider, and identify in your data protection documentation, the lawful basis upon which you process all personal data. To do this you will need to identify the personal data you hold and what you do with it. New GDPR standards will make it harder to rely on the data subject's "consent" to processing - for example in respect of your marketing activity. You should review how any consents were previously obtained and, if necessary, consider refreshing them or relying on another lawful basis of processing.

Six - Children

There are increased restrictions on the processing of children's personal data, which may require systems to verify an individual's age and to obtain a parent's consent to processing.

Seven - Data Breaches

In the event of a data breach you may need to notify the data subject(s) concerned, and notify your supervisory data protection authority within very short timescales. Policies and procedures will need to be in place to ensure you can do this.

Eight - Data Protection Impact Assessments

Be aware that Data Protection Impact Assessments may be required for new projects where data processing is likely to result in a high risk to individuals.

Nine - Data Protection Officer (DPO)

Some organisations - generally public authorities or very large scale data processors - will need to appoint a DPO. All organisations should designate someone to take responsibility for data protection compliance.

Ten - International Requirements

If your business operates in more than one EU country, you should identify your lead data protection supervisory authority - which in the UK is the Information Commissioner's Office

This article was written by James Sarjantson. James is a Partner in our Corporate team and is based in Leeds.

James Sarjantson has dealt with Data Protection matters on behalf of clients for many years and is able to provide practical and commercial solutions to issues raised by the General Data Protection Regulations [GDPR], and to advise on the steps that businesses can take themselves to move towards compliance.

Further advice please contact James Sarjantson on 0113 201 0401 or ku.oc1701658104.fcl@1701658104nostn1701658104ajras1701658104j1701658104

Get in touch

Recommended by our clients

The whole process from start to finish was impeccable. Jo was truly amazing. Wouldn’t use any other law firm.

G

G Bray
I personally do not think you could improve on your service. My whole experience was excellent and I was made to feel at ease immediately starting with your receptionist. Ann was brilliant in explaining things to me and was very friendly and professional at all times. I would certainly recommend you to friends.

B

B. Chinque
I’ve used LCF for many years and no matter which department I have had to use the level of service has always been high.

C

C. Davitt
Both Clare and Amber have been very helpful and professional throughout and we’re very grateful for all their patience and kindness.

R

Rebecca Rushton
I was very satisfied with my experience with LCF Law. Having a new business, I was guided through a contractual process with support and a very down to earth approach.
I would highly recommend the firm and wouldn’t hesitate to get in touch in the future.

K

K. Davison
I have been extremely impressed by the care and attention given to various queries I have raised over time. I have confidence that I have a very good solicitor and have indeed recommended her to other people. I feel my affairs are in safe hands!

R

Rebecca Cecilia Phillips
Cathy Cook was excellent – met all deadlines without fail & where required was happy to take calls outside of normal office hours.

A credit to your organisation.

J

J. Rogerson
Excellent service throughout the whole process!

H

H. Morgan
This is the first time I have used LCF Law. The service and advice I received were exemplary. I was able to proceed with my project far more quickly than anyone expected.

J

J. LEIGHTON
Very happy with the service received, we are very confident knowing James Sarjantson has our back.

N

N. Eagleton