An SME preparing for the GDPR may find the following suggestions helpful in working towards compliance:
- Allocate a budget
- Assign responsibility to an individual for data protection
- Complete a Data Protection Impact Assessment (DPIA). DPIAs are required under the GDPR on a regular basis
- Consider current policies and procedures, and if these meet the obligations imposed under the GDPR, if not seek advice & update accordingly
- Data Protection is a business-wide concern. Make sure all employees understand what personal data is and are prepared for what they need to do at an individual level, as part of their role
- Devise a plan for data management across the business
- Examine the possible types of breaches your business maybe exposed to
- Make sure you can satisfy data subject access requests (SARs). SARs are are set to increase due to the fact that individuals have the right to request a copy of the personal data that you hold on them. Personal data requests should be provided in a commonly-used, machine-readable format, provided free of charge and within one month of the initial request
- Consider contact facing online options via your website for consents, requests and withdrawal of data to avoid data management becoming a manual drain – you must make your systems work for you
For further help
The ICO has produced ‘Preparing for the GDPR: 12 steps to take now to help organisations on how to address the key issues.’ You can also refer to our Whitepaper – GDPR – What you need to know… which includes FAQs and lots of other straightforward guidance.
Also, to help SMEs we have put together a Whitepaper: GDPR for small businesses, this provides a full overview together with some helpful information and practical steps for you to work towards compliance. To access this Whitepaper Sign Up to Gravicus Osprey where you will also get 5 Free Data Protection Impact Assessments (DPIAs) with Osprey DPIA as well as access to our Resource Centre.
Telephone: 0203 858 0636
Simply smart data management with Osprey