GDPR preparation: 6 steps to get ready

GDPR - four letters that have been appearing everywhere over recent months and will change everything. For those few who may be wondering what GDPR stands for, the General Data Protection Regulation is a new regulation that aims to address how data is collected, stored, and used, with tougher financial penalties for businesses that fall short of its obligations and standards. Coming into effect on 25 May 2018, it will be the biggest ever overhaul of data protection rules in over twenty years, so it is of utmost importance for organisations to assess their business activities and make all necessary preparations to fully comply with the rules set out in the GDPR.

    Here are the steps you should be taking to prepare for the changes:
  • 1. REVIEW HOW YOU ASK FOR CONSENT

    Pre-ticked boxes or actions such as "click here to read our privacy policy" will no longer be acceptable. In addition to consent having to be freely given, specific, informed, and unambiguous, the request must also be written in plain English, explaining clearly why you are collecting personal data and how you intend to use it.

  • 2. OPT-IN VS OPT-OUT

    All consent must be opt-in consent; there will be no such thing as opt-out consent. In simple terms, this means that individuals are given a genuine choice and control over how their personal data is used, and take a deliberate action to opt in. You will therefore need to plan the end of pre-ticked boxes on your website, as you will no longer be able to rely on 'implied consent'. GDPR states specifically that "silence, pre-ticked boxes or inactivity should not constitute consent".

  • 3. HANDLING DATA SUBJECT ACCESS REQUESTS

    Under the GDPR, individuals have the right to access the data held about them and to obtain a copy of their personal data together with supplemental information about the processing, for instance the categories of data processed and the recipients. You therefore need to plan how to handle such requests so that you can save precious administrative time.

  • 4. MANAGE THE DATA YOU HOLD PROPERLY

    Individuals have the right to have their data deleted if they no longer want the controller to have it or if it is not used for the original purpose for which it was collected. You will therefore need to make sure that users' personal data is up to date with the new challenges of the new privacy era and is not kept for longer than necessary. A good idea would be to include a section in your privacy policy informing individuals where they can make requests for disclosure.

  • 5. BEWARE OF DATA BREACHES

    PwC has recently found that the number of fines imposed on companies for breaching data protection laws almost doubled in 2016. With GDPR introducing a duty on all organisations to report certain types of data breach, you should make sure you have the right internal procedures in place to detect, report and investigate a personal data breach. Additionally, it is worth regularly reviewing information from the ICO to keep on top of the latest updates.

  • 6. PRIORITISE AND PLAN

    GDPR is all about building trust in an era of mistrust - an evolution of the existing rules, not a revolution. You are probably confused or overwhelmed by it, but no matter how daunting the GDPR journey might look, with careful planning, project management and prioritisation, everything is achievable. This is a great opportunity for your business to review the way it processes data, restructure, reorganise and take all the necessary measures to meet the requirements of the GDPR.

If you have not started your preparations yet, you had better get started today - the sooner, the better. Chris Combemale, CEO of the DMA Group, says: "Despite high levels of awareness, with a year to prepare for the new laws, the number of businesses that believe they will be ready in time has dropped to just over half." So, if you need any help preparing for the GDPR, Tech Essence is here to help you obtain first-party data, as well as give you access to a business network of more than 600 vetted UK data suppliers.