Use our handy checklist to help you assess where your business is now in terms of GDPR compliance (tick when completed):
- You have conducted an audit on what personal data you hold, where the data came from and who it is shared with.
- You have identified the lawful bases for processing data and have documented them.
- You have reviewed how you ask for and record consent for processing data.
- You have a system to record and manage on-going consent.
- Your business is currently registered with the Information Commissioner’s Office.
- Your business has a privacy notice.
- You have a process for handling Subject Access Requests.
- You have a procedure to respond to an individual’s request to restrict the processing of their personal data.
- You have a process for ensuring the personal data you hold remains accurate and up to date.
- You have a process for securely disposing of personal data that is no longer required in line with agreed timescales or where an individual has asked you to erase it.
- You have processes to allow individuals to move, copy or transfer their personal data to other organisations.
- You have a procedure to handle an individual’s objection to the processing of their personal data.
- You have an appropriate data protection policy.
- You provide data protection training for all staff and you make a record of this.
- You have a written contract with any third parties you use where data is shared.
- You understand when you must conduct a Data Protection Impact Assessment (DPIA) and have a process in place to action this.
- You have a nominated data protection officer (DPO) who takes responsibility for all things relating to data protection.
- You have an information security policy which is supported by appropriate security measures.
- You have an effective process to identify, report, manage and resolve any personal data protection breaches.
- You have a process for monitoring your compliance with data protection policies and regularly review the effectiveness of data handling and security controls.
Still unsure about what you need to do...? Farleys' Commercial team can help in getting your business GDPR compliant. Contact us on 01254 229800 or email Sally.Eastwood@farleys.com or Jenny.Goodwin@farleys.com
© The contents of this guide are the copyright of Farleys Solicitors LLP