*DATA PROTECTION GDPR DEADLINE APPROACHING*
Members will have seen a lot of coverage in the media regarding the EU General Data Protection Regulation (GDPR), which comes into force on the 25th May, 2018.
Much of the GDPR is not really new. Most businesses should already be in some way compliant in terms of the storage, usage and management of personal data.
It is important that members get engaged.
IN A NUTSHELL:
You will need to:
- Keep records of all personal data
- Be able to prove that consent was given
- Demonstrate what personal data is being used for
- Explain how the personal data is being protected
- Show for how long it is being kept
WHY DOES IT MATTER?
PENALTIES – potential fines of up to €20,000,000 or 4% of annual worldwide turnover for the previous year, whichever is the greater.
WHERE DO YOU START?
- Create a personal data log for your business.
- Conduct an audit of the personal data you hold and record it in your log (personal data includes most information relating to individuals, such as names, addresses, contact details, date of birth, passport numbers, health information, religion).
- Describe in your log why you hold the data (e.g. for bookings, marketing, employee payroll, customer complaints).
- Check that you have obtained consent to use personal data for any reason other than its original purpose (e.g. for marketing), and keep a record of that consent.
- Undertake a review of the security measures you have in place: check who has access to data; consider whether access should be restricted; look at how access to paper files is protected; review what online security you have.
- Check your contracts with any suppliers with whom you share personal data to see what their data protection policies are.
- An introductory document, prepared by the Data Protection Commissioner in Ireland, listing 12 steps that organisations should be taking to be GDPR-ready.
- A self-assessment tool, prepared by the Information Commissioner’s Office in the UK.
Disclaimer: This publication has been written in general terms and therefore cannot be relied on to cover specific situations. Application of the principles set out will depend upon the particular circumstances involved, and we recommend that you obtain professional advice before acting or refraining from acting on any of the contents of this publication. Neither the ITAA nor Anne Dolan & Co. accepts any duty of care or liability for an