
Get Ready for GDPR: A Seven Point Action Plan

There is no escaping the General Data Protection Regulation (GDPR). Brexit or not, it will become UK law, via a new Data Protection Act, on 25 May 2018.

As a result, you can expect to see the current steady stream of scare stories become a torrent in the new year, as the deadline for compliance looms and businesses large and small scramble to be ready.

But it doesn’t have to be like that. Taking action now, to start understanding what GDPR means for you and your business and to begin putting in place the systems and processes you need to comply, can make the whole thing a lot less painful.

That said, it’s only fair to point out that those scare stories are not totally without foundation. For instance, GDPR will usher in fines of up to €20m or 4% of global turnover, whichever is greater – figures that far, far exceed the current maximum of £500,000. Meanwhile, according to Marsh’s Global Cyber Risk Perception Survey, less than a third of all firms are ready for GDPR, and 55% of smaller firms have ‘no plan’ for GDPR compliance.

In that context, some twitchy reporting in the press is not a huge surprise.

So what can you do to kick-start the process of GDPR compliance?

Here’s a seven point action plan:

  1. Understand how GDPR affects your business: According to the Information Commissioner’s Office, “If you are currently subject to the Data Protection Act, it is likely that you will also be subject to the GDPR.” That said, exactly how you will be affected depends on the data you collect, from whom, and how it is used and stored, so start by understanding GDPR and what it means for you. You can read Wired’s guide to GDPR here.
  2. Communicate with colleagues: Make sure everyone in the business understands GDPR and its potential impact.
  3. Review the data you hold: Make sure you know exactly what personally identifiable data you collect and store, and the lawful basis on which you do it – do you have permission from those whose data you hold? Why are you holding it and for what purpose?
  4. Check your policies: In fact, check that everything from privacy notices, policies and procedures, to any other documentation you use, is compliant with the new requirements.
  5. Secure your data: Review and ideally stress test your security arrangements, and have plans in place to detect, report and investigate data breaches.
  6. Assess your staff needs:  Work out whether you need to appoint or hire a data protection officer.
  7. Consider specialist insurance: Cyber insurance isn’t fundamental to GDPR compliance, but it might help to shield you from some of the financial and reputational consequences if you one day fall foul of the new rules due to a cyber-related incident.
