10 small steps towards implementing GDPR

Chances are you will have heard of GDPR by now and have a rough idea of what it entails. But have you started taking any actions towards becoming compliant by May 2018?

Read our 10 small steps towards implementing GDPR

1. Research: Nominate someone within your team who has the capacity to lead the project, or, for larger companies, consider appointing someone to the role of Data Protection Officer. There is a wide range of GDPR-related seminars and events on offer, along with a huge number of online resources. The Information Commissioner’s Office (ICO) publishes very useful, practical and jargon-free advice for organisations on becoming GDPR compliant (link at the bottom of the page).

2. Understand: How will it affect your organisation? What are the impacts going to be on the different functions within your organisation? GDPR will apply to all departments holding and processing personal data, including marketing, sales, finance, HR and so on.

3. Look at what others are doing: Keep an eye out for what large companies and market leaders in your industry are doing. Although nobody (as yet) is entirely confident of being 100% GDPR compliant, it is useful to get ideas from other organisations and see whether some of their actions could be replicated within your own.

4. Audit: Look at your systems, databases, CRM and even filing cabinets to see what personal data you hold, why you hold it, who it gets shared with, how you access it and how long you keep it for.

5. Put it in writing: Writing all your findings down helps to identify risks and can form the basis for an internal report explaining the GDPR implications to staff and stakeholders. Should there be an investigation in future, it also shows the ICO that you are actively trying to become compliant.

6. Make decisions: Once you know where your weak spots are and which areas need addressing, make decisions with regard to data privacy. Some large companies have decided to scrap their existing databases and start again from scratch. Others have decided to change software providers to ensure they are working within the law.

7. Plan: Put a plan in place for how you are going to manage personal data in future and how you are going to detect and deal with any data breaches, and create flowcharts or action plans to break it down. You should also update your privacy policy so that it details exactly how the data is managed.

8. Educate: Once your designated member of staff is familiar with GDPR and its likely implications, run training sessions for all staff to ensure they know about it and understand how data will need to be managed in future.

9. Get consent (if needed): If you rely on consent as the legal basis for storing and processing the data, you will need to get people to give you that consent. You may need to put systems in place to obtain it, e.g. by getting people to sign up to a mailing list.

10. Don’t panic: GDPR is new to everyone and some details are still unclear, so we think there will probably be a grace period with regard to the ICO investigating and prosecuting companies. If you are seen to be addressing the new legislation and can prove you have taken steps towards compliance, the ICO are unlikely to issue heavy fines shortly after May.

For a quick guide, download our GDPR infographic.

If you would like to discuss GDPR with us feel free to give us a call on 01903 530787 or email us.

For other useful marketing reports, guidelines and tips, why not sign up to our monthly newsletter? You can opt out at any time.

Read the ICO’s 12 steps to preparing for GDPR.