10 Steps for Compliance with GDPR

D-DAY is 25th May 2018, when all businesses must be compliant with the General Data Protection Regulation.

Here are 10 steps that Davnet O’Driscoll, Head of Employment & IT Law, recommends that your organisation considers now to become GDPR compliant:

1. Data Protection Policy
Do you have a company policy which sets out the personal information that you use, how you use it and for what purpose, and what you retain, store and delete? How should this be updated for GDPR?

2. Data Flow
Identify your data flows. Data flows are the information coming into the organisation and going out, from existing and prospective customers, vendors, suppliers and employees.

3. Data Privacy Audit
You must audit to establish your level of compliance with the Data Protection Acts to identify any gaps.

4. Registration
Should your organisation be registered with the Office of the Data Protection Commissioner as data controller or data processor?

5. Contracts
Consider whether your terms and conditions with customers and contractors comply with Data Protection requirements.

6. Website
Do you have a privacy policy which sets out what information you use and how you use this for customers, browsers, employees and any other parties using your website?

7. Storage
Where is your information stored? Is there adequate security? Is there adequate protection for payment processing on your website? Transferring personal data outside the EU is prohibited unless the country receiving the data ensures an adequate level of protection.

8. Data Protection Officer
Does your organisation require a Data Protection Officer? This may be required if you are a public body or your primary activities involve large-scale processing of sensitive data or data relating to criminal convictions, or systematic monitoring of individuals’ data.

9. Security Breaches
What action must you take in the 72-hour time-frame in order to comply with the obligations for GDPR? Organisations should consider how to limit their exposure from a security breach, which could be hacking of their website or a lost laptop.

10. Data Protection by Design or Default
Consider data protection requirements in the design of new processes, services and manufacturing so there is compliance.

If you have any queries in relation to compliance for GDPR, please contact Davnet O’Driscoll at Amorys Solicitors: Davnet@amoryssolicitors.com