It’s coming up on one year since the General Data Protection Regulation (GDPR) became law, and part of the compliance process for every organisation is to undertake regular reviews and have a continuous improvement policy. So now is a good time to review your GDPR processes, documentation, training and staff awareness. Some points you should consider:
- Do you have new customers or suppliers without a data sharing agreement?
- Do you have new staff in need of data protection awareness training?
- Do you now collect different categories of personal data or have different processing methods?
- Do you have correct procedures in place for responding to subject access requests?
The Information Commissioner recently said:
“…But our role is not to be a ‘DPO for hire’ – responsibility for compliance ultimately lies with organisations themselves. For those who do not take this responsibility seriously or those who break the law, we will act swiftly and effectively. Many of the investigations launched with our new powers are now nearing completion and we expect outcomes soon, demonstrating the actions my office is willing and able to take to protect the public.”
So we can expect that the ICO will soon start to make an example out of non-compliant organisations.
Take advantage of a free initial telephone consultation with one of our ISO qualified GDPR advisors to find out how we can do all the hard work for you. Just give us a call on 01293 446677 or fill in the enquiry form below.