July 05, 2017

GDPR - your free step-by-step guide

Author: Alex Clough, Managing Director
Photo by: Jonathan Denney

GDPR (General Data Protection Regulation) has been widely reported recently, but our experience indicates that a significant proportion of businesses are currently unaware of the changes, or do not have a plan in place for compliance.

As part of our GDPR series, we've prepared a list of the key things to look for and put in place now in order to help you comply. The list is outlined below, and our other GDPR insights provide an overview of the best (compliant) data collection methods.


GDPR - What to do now

To help ensure you comply, our recommendation would be to start soon - key steps to take now include:

Make your team aware

GDPR has received a lot of coverage (particularly in the marketing press), but this does not mean that everyone is aware of the changes. Make sure you raise the topic with your team to ensure they know about both the risks… and the opportunities.

Review your contracts to see which ones would need to be amended

GDPR will require suppliers and customers to review supply chains and current contracts, so renegotiations may be required. Equally, commercial terms will inevitably have to be revisited given the increased costs of compliance and higher risks of non-compliance.

Identify your data flow

An important step towards compliance is to review your organisation’s data flow. This will allow you to identify the location, access and ownership of your data, whilst classifying the type of data your organisation holds.

Key questions that every organisation should address include:

  • What ‘personal’ data is being processed?
  • Are existing processing methods compliant?
  • Where is data being held and how does it flow through the organisation?
  • Are there adequate controls in place surrounding movement and storage?
  • Who in the organisation owns the data?
  • Who can access the data?
  • Who, if anyone, is it being shared with, both internally and externally?

Revisit your data sharing protocols

Most organisations carry out some form of data sharing, typically either between group organisations or with external third parties. However, if the data being shared is 'personal data', additional steps will need to be taken to ensure that individuals are provided with all the relevant information (relating to how the data is shared) at the right time.

Clear out your data

Once you've assessed your data flows and protocols, make sure you clear out any personal data which is no longer required. The less personal data you hold, the easier compliance will be (just make sure you record which data was removed and why!).

Update your data collection methods

Finally, and at a very basic level, look to update your data collection methods. Remember, any changes should ensure that the individual is informed (e.g. is aware of who, when, how and what the personal data is intended for), that consent has been freely given, and that it is a result of positive opt-in (e.g. no pre-ticked boxes or default options have been used).

What should I do next?

See our other insights with an overview of the best (compliant) data collection methods or get in touch to see how we can help.