20 Quick GDPR Tips for the Business Owner
A simple list to provide focus for readying your business for GDPR compliance!
There is a vast amount of information available now for the upcoming GDPR changes in May, and there are some really useful resources! However, many business owners are still unsure where to begin, or do not truly understand what really needs to be considered in terms of their processes and the data they hold. Below we have highlighted a quick GDPR tip list of areas that all business owners should review:
20 Quick tips!
- Get up to date with the basics of GDPR. Read up on the 8 rights of the individual and the 6 principles that an organisation should abide by.
- Be mindful of the new fines if you breach the regulations: 20 million euros or 4% of turnover.
- Register with the ICO under the Data Protection Act: https://ico.org.uk/for-organisations/register/
- Get a GDPR specialist / business lawyer to provide you with, or write up, your legal policies and templates.
- Have a Data Protection Policy and a website Privacy Policy.
- Update your privacy notice in your contracts, information to your subscribers, employee notices, email footers, marketing material, etc., as relevant.
- Consider obtaining cyber security insurance.
- Assess the security of your IT equipment and hard-copy filing practices. Do you need to add encryption, passwords, etc.?
- Appoint a Data Protection Officer, if applicable to your organisation.
- Know who the Data Controller is and who the Data Processors are in your business! If you are self-employed, you will act as both. Know what the responsibilities of these roles are!
- If you use freelancers, such as associate psychologists / coaches or a virtual assistant, ensure that you as a Data Controller have a processor agreement / contract in place and that you undertake due diligence to confirm they are compliant.
- Undertake a data audit of the files your business has: understand the information you hold in your business and how it has been collected. This includes ALL data stored on laptops, PCs, USB sticks, smartphones, etc. Identify the gaps that could cause a problem in the future and close them! Create an Action Plan from the gaps you identified. Fixing these loopholes will get you closer to GDPR compliance.
- Know how long you are required to hold data for! For example, some records are held under a legal basis that carries its own retention period, such as personnel records, audited financial statements, etc.
- What is your legal basis for processing data? Get evidencing this. There are 6 different legal bases, with consent being just one of them. Do you need to make an impact assessment on your data? For example, if you process data as part of a legitimate interest, have you done a legitimate interest assessment? Learn more about the different legal bases for processing information here: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-bas...
- When you gained consent for holding a person's personal data, was it done in a granular way? You can no longer bundle consent together within one tick box. Do you need to get fresh consent? Do you have a process for managing opt-outs?
- Are you transferring data to third parties outside of the EEA, such as via US-based software? If so, are they on the EU-US Privacy Shield register? https://www.privacyshield.gov/list
- Do you process sensitive personal data (known as special category data)? Have you gained explicit consent for processing it? Check the list here to see if the data you hold is sensitive: https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/lawful-bas...
- Are your marketing practices in line with the GDPR regulations?
- Are you prepared for how you will handle a Subject Access Request or a data breach in your organisation?
- If you employ staff, do they need training in GDPR?
This is a simple list to provide focus for your business's GDPR compliance. Please note that ExecutiveVA are not legal experts; however, we are able to help with any administrative tasks you require as part of implementing your new processes. Please ask a GDPR expert to help you with your compliance checks and legal policies. For more information about the regulations, please refer to the ICO's website:
https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/
M: 07511 534051
E: leyla@executiveva.co.uk