GDPR is everywhere at the moment. We all know that something needs to be done before 25 May 2018 to ensure our organisations are GDPR compliant. For those who have managed to avoid it, GDPR is the EU’s General Data Protection Regulation. It will replace the existing data protection regime and provide consistency across the EU in how data protection is regulated. The main reason that it is attracting so much attention is the potential for large fines for non-compliance. Ultimately many of the existing data protection principles are still enshrined in the legislation and so there is a lot of GDPR that we should have been doing already. Compliance under the old data protection scheme will certainly make for an easier journey to GDPR compliance. The reality is though that many organisations had gaps under the current regime and now the clock is ticking to be compliant. Organisations have less than 12 months to work on their compliance. In some cases there will be a lot of work to be done so the most important action to take is to start. With this in mind, Linda Hynes, Head of Employment & Data Protection at Ogier Leman, has prepared a checklist outlining the main actions organisations should be taking to get started on their GDPR compliance journey.
It’s important to note that this checklist cannot deal with all aspects of GDPR compliance as this will depend on the individual organisation and the personal data it holds and processes, for example, the checklist does not deal with children’s data, specific processor obligations and other important areas that arise under GDPR. It is a guideline document only to help organisations get started and it is the minimum steps that Linda would expect to see an organisation taking to become GDPR compliant.
To access the checklist prepared by Linda click here
Disclaimer: This publication is for guidance purposes only. It does not constitute legal or professional advice. No liability is accepted by Ogier Leman for any action taken or not taken in reliance on the information set out in this publication. Professional or legal advice should be obtained before taking or refraining from any action as a result of the contents of this publication. Any and all information is subject to change