GDPR My Take on Things

GDPR is a set of new rules regarding how data is managed, held, processed, and controlled.

– Consent matters not only because it’s lawful, but also because it means our audience is engaged and wants to receive information. There is no point sending to someone who doesn’t care.
– We need one of 6 things to hold the data or to contact people using it:
  – Legal obligation (obligated by law to keep data)
  – Public task (process a task in the public interest)
  – Vital interest (process to protect a life, hospitals etc.)
  – Contract (orders etc.)
  – Legitimate interest (no official guidelines yet)
  – Consent (people who give a clear YES PLEASE)
– The following is a checklist for the implementation and ongoing management of GDPR. The GDPR regulations come into force on 25/05/2018.
– Put a project plan together for implementation and ongoing management of GDPR
– Put together an information audit to identify the risks of data flowing in and out of the business
– Document what personal data is held, where it came from, who we share it with, and what we do with it
– Identify and document lawful basis for processing
– Review how we ask for and record consent
– Systems to record and manage ongoing consent
– Find out if we need to register with the ICO (£35)
– Update Privacy Policy & Data Protection Policy + set a date to review and update periodically
– Document the data right-of-access policy and the rectification, accuracy and removal processes
– Implement a policy to monitor compliance with data protection policies and the effectiveness of data handling and security
– Data Protection Awareness Training
– Find out when we need to complete data protection impact assessments, and put a framework and process in place
– Nominate a data protection lead
– Implement information security policy
– Document breach notification process, to identify, report, manage and resolve any data breaches
– Document how long all data is held for
– Renew consent every 2 years

Helpful points of reference:

https://www.eugdpr.org/gdpr-faqs.html
https://www.safetica.com/blog/38-questions-and-answers-about-gdpr/

Important Information
This information does not constitute legal advice and is Virtual Bird’s own interpretation of the GDPR guidelines, which are subject to change.
This information is provided to help small businesses get to grips with the new regulations; however, please be aware that there may be items in the regulations that are relevant to you but not covered here.

We highly recommend investigating the guidelines accordingly to ensure you are fully compliant. We accept no responsibility or liability for any errors, incorrect interpretation or any actions taken from this information.
Information correct as of 12/02/2018