Home / Media Centre / Blogs / 10 Steps to get GDPR ready

10 Steps to get GDPR ready

Posted onJanuary 2018
Share this article
- Share this article on twitter
- Share this article on linkedin

LCF Law Solicitors | Bradford, Leeds, Harrogate, Ilkley | GDPR | Image of a keyboard In May 2018 the General Data Protection Regulation (GDPR) will come into force, increasing the regulations surrounding the collection and processing of personal data. The GDPR will also greatly increase the potential sanctions for non-compliance. Here are ten top tips to help you prepare for GDPR compliance:

One - Awareness

Ensure key people in your business - across IT, personnel, operations, marketing and elsewhere - are aware of GDPR and the impact that this will have on your business.

Two - Review Information

Undertake an "information audit" to document the personal information that you hold, including how it was collected and with whom it is shared.

Three - Update Privacy Policies

You will need to update and enhance your written privacy policies and notices. For example, you now need to identify in those notices the basis on which you process personal data, and any data retention periods.

Four - New Rights and Subject Access Requests

Individuals have new and enhanced rights in respect of their data. You should ensure that you have systems in place that allow you to swiftly locate all personal data you hold, so that you can respond to detailed subject access requests within the new (shorter) timescales, and if necessary to delete that data.

Five - Lawful Basis of Processing and Consent

You need to consider, and identify in your data protection documentation, the lawful basis upon which you process all personal data. To do this you will need to identify the personal data you hold and what you do with it. New GDPR standards will make it harder to rely on the data subject's "consent" to processing - for example in respect of your marketing activity. You should review how any consents were previously obtained and, if necessary, consider refreshing them or relying on another lawful basis of processing.

Six - Children

There are increased restrictions on the processing of children's personal data, which may require systems to verify an individual's age and to obtain a parent's consent to processing.

Seven - Data Breaches

In the event of a data breach you may need to notify the data subject(s) concerned, and notify your supervisory data protection authority within very short timescales. Policies and procedures will need to be in place to ensure you can do this.

Eight - Data Protection Impact Assessments

Be aware that Data Protection Impact Assessments may be required for new projects where data processing is likely to result in a high risk to individuals.

Nine - Data Protection Officer (DPO)

Some organisations - generally public authorities or very large scale data processors - will need to appoint a DPO. All organisations should designate someone to take responsibility for data protection compliance.

Ten - International Requirements

If your business operates in more than one EU country, you should identify your lead data protection supervisory authority - which in the UK is the Information Commissioner's Office

This article was written by James Sarjantson. James is a Partner in our Corporate team and is based in Leeds.

James Sarjantson has dealt with Data Protection matters on behalf of clients for many years and is able to provide practical and commercial solutions to issues raised by the General Data Protection Regulations [GDPR], and to advise on the steps that businesses can take themselves to move towards compliance.

Further advice please contact James Sarjantson on 0113 201 0401 or ku.oc1714806188.fcl@1714806188nostn1714806188ajras1714806188j1714806188

Get in touch

Recommended by our clients

We as a family were looked after amazingly well.

M

M. Patchett
Everyone was brilliant and extremely helpful. Talked us through everything and gave us great advice

A

A. Stead
We’ve been with LCF for many years and you are always on the ball!
We always receive a warm welcome at reception from the “girls” and a very professional team dealing with clients.

S

S & C. Robinson
The service received from LCF was excellent and I couldn’t have asked for better lawyers to assist me in what I needed to have done. Amjed and Anisha are both assets to the firm.

I

I. Mir
We have used both conveyancing and personal law and have been extremely satisfied with both departments. We found staff to be professional and efficient and have recommended you to others based on our experience.

Y

Y. Grant
Ann Christian was brilliant and pleasant to work with.

A

A. Patel
Fabulous service through out the whole process.

N

N. Baldry
The whole process from start to finish was impeccable. Jo was truly amazing. Wouldn’t use any other law firm.

G

G Bray
I personally do not think you could improve on your service. My whole experience was excellent and I was made to feel at ease immediately starting with your receptionist. Ann was brilliant in explaining things to me and was very friendly and professional at all times. I would certainly recommend you to friends.

B

B. Chinque
I’ve used LCF for many years and no matter which department I have had to use the level of service has always been high.

C

C. Davitt