Is your organisation GDPR ready? by John Goodacre, Account Executive
I’m sure by now you’ve all heard something about GDPR and that it will be coming into effect next month on the 25th May. But what does this mean for your organisation and what should you be doing going forwards?
Put quite simply, it could mean a change in the ways in which you collect, store and process data.
If your business or organisation holds personal data you need to ensure that you have a clear structure in place, the following steps may help you in the process:
- List the data that you collect, where you get it from, what you do with it and who you share it with. You may need to arrange an information audit across your organisation.
- Why are you holding this data? What lawful basis does it fall under?
- Review your privacy notices and update these in time for GDPR implementation
- Ensure that your software is ready to deal with data access requests and data portability
- Data erasure, can your system delete data when it’s no longer necessary for the purpose for which it was actually collected
- Make sure you’ve got a process in place to identify, resolve and report any breaches of data to the ICO (Information Commissioner’s Office).
If third party suppliers hold data on your behalf make sure they are GDPR compliant and include GDPR clauses in contracts. For example they should run audits to ensure they are still compliant on a yearly basis as a minimum.
What if you’re not GDPR compliant and there’s a breach of data?
The fines to organisations will be extremely costly. For a serious breach it is 4% of global turnover or €20 million, whichever is greatest. The majority of businesses simply cannot afford to take such a catastrophic risk.
If you haven’t already taken steps towards GDPR compliance we strongly recommend starting the process now.
John Goodacre is Account Executive at D E Ford Insurance Brokers, providing bespoke insurance packages for businesses and charitable organisations.