From 25 May 2018 onwards, all businesses that handle personal data must comply with the new General Data Protection Regulation (GDPR) legislation.
What do I need to do now?
- Make your decision makers and key people aware of the changes;
- Document personal information you hold, where it came from and who you share it with;
- Communicate privacy information and put a plan in place;
- Check your procedures to ensure they cover all individual rights;
- Subject access requests – update your procedure and plan how to handle requests for data;
- Identify the lawful basis for your processing activity;
- Review how you seek, record and manage consent and whether you need to make any changes;
- Children – put systems in place to verify individuals’ age and obtain consent from parents/guardians;
- Data Protection by Design & Data Protection Impact Statements – work out how and when to implement them;
- Appoint a Data Protection Officer – appoint someone to take responsibility for compliance and data requests;
- International – if you also have companies in, do business with or have suppliers from non-EU states, you’ll need to determine your lead data protection supervisory authority.
As you’ve identified, there is a lot to do, so it is highly recommended that you seek professional advice if you remain unsure of how to tackle the list above.
aspire cambridge can guide your business through this period of change and provide ongoing support and advice. We also offer a GDPR Toolkit, which includes everything you need to get compliant.
The GDPR Toolkit contains the following:
- Internal Audit Guide – how to identify what data you are collecting, where you are collating it and how you process it
- GDPR Policy – ready to implement immediately
- Privacy Impact Statement – this outlines the outcome of your audit
- Privacy Notice – explains to the data subject what we do with the data
- Contract and Handbook amendments
- ‘Opt in’ wording for the website and email signature
- Record Keeping Guidance Note
- Consent/Withdrawal of Consent Forms
- Subject Access Request Procedure
Cost: £1695 +VAT
In addition to the GDPR Toolkit, we provide GDPR Training for employees. This 3-hour training session highlights the implications of GDPR and walks your employees through their responsibilities. Cost: £295 +VAT
Alternatively, you can opt for the solo GDPR Policy at £249 + VAT.
If you are interested in learning more about GDPR and the implications for your business, including the roll-out of its procedures and policies, please contact us on 01223 855441 today.