On 25 May 2018, the GDPR comes into effect in the EU and UK to replace the Data Protection Act. Most businesses across the country are going to have to make a change of some sort, but not many know what they need to do in preparation. Take a look at this checklist to help your business get ready.
The Information Commissioner's Office (ICO) have issued some guidance on what you need to consider in preparation for the General Data Protection Regulation (GDPR), but it is fair to say that there are still some grey areas. Many of the GDPR's main concepts and principles are the same as those in the Data Protection Act 1998, so if you are compliant with those rules, much of what you do will still be compliant come 25 May 2018.
However, the GDPR brings added obligations for businesses and organisations that process personal data. Personal data is any information relating to an identified or identifiable natural person, who is referred to as the 'data subject'. The information relating to an identifiable person includes names, identification numbers, email addresses, IP addresses, location data and several other things. It would be fair to say that most organisations will process personal data in some way, as this includes any data you hold about your own employees as well.
It is essential to plan your approach to GDPR compliance now and to gain buy-in from key people in your organisation. Compliance with all the areas listed in this checklist will require you to review your approach to governance and how you manage data protection. Use the following checklist to map out which parts of the GDPR will have the greatest impact on your business model, and create a plan to focus on those areas in your planning process.
If you need help with any business insurance questions or would like to talk to us about the other services we can provide, call us on 01202 754900.