Scotland’s inaugural GDPR Summit, taking place in Aberdeen on November 9th, has a programme solely dedicated to GDPR, giving you access to world-class experts who can help you understand what is coming, what you need to be doing and how you can be compliant.
It’s worth remembering that a violation of GDPR, such as poor data security which leads to public exposure of personal information, could result in a fine of over 20 million euros or 4% of your company’s net income.
Here are 12 steps to think about now –
1 – Awareness:
You should make sure that the decision makers in your organisation are aware that the law is changing to GDPR
2 – Information You Hold:
You should document what information you hold, where it came from and who you share it with
3 – Communicating Privacy Information:
Review your privacy notices and put a plan in place for making any necessary changes in time for GDPR
4 – Individual Rights:
You should check your procedures to ensure they cover all the rights individuals have under GDPR, including how you would delete personal data
5 – Subject Access Requests:
Update your procedures and plan how you will handle requests within the new timescales
6 – Lawful Basis For Processing Personal Data:
Identify the lawful basis for your processing activity in the GDPR and update your privacy notice to explain it
7 – Consent:
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet GDPR
8 – Children:
Think now about whether you need to put systems in place to verify individuals’ ages and obtain parental or guardian consent for any data processing
9 – Data Breaches:
Make sure you have the right procedures in place to detect, report and investigate a data breach
10 – Data Protection By Design & Data Protection Impact Assessments:
Familiarise yourself with the ICO code of practice on Privacy Impact Assessments, including the latest guidance for Article 29
11 – Data Protection Officer:
Designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation. Consider whether you are required to formally designate a DPO
12 – International:
If you operate in more than one EU member state, determine your lead data protection supervisory authority (see the Article 29 Working Party guidelines).
The 12 subjects covered during the event will include –
- Data Protection & GDPR A Legal Perspective
- Navigate the Marketing Minefield
- Demonstrable Cultural Change, Awareness, Training and Exercises
- Securing Personal Data
- Vendor Risk Management
- What role for cloud services within GDPR
- What Role for HR within GDPR, Mandatory Requirements
- The benefits of Technology for monitoring GDPR Compliance
- How Digital Tools can be a part of a consent solution
- Data Breaches and Notification Procedures – Understand Your Responsibility
- Risk Management and Securing Digital Assets
- Developing a GDPR Roadmap – What should you focus on to meet the GDPR





Marketing companies beware: John said organisations currently relying on consent to legally process personal data would need to go through a “recommissioning process, as your current consent is almost certainly not going to be valid” after GDPR comes into force in May 2018.





