From 25 May 2018 onwards, all businesses that handle personal data must comply with the new General Data Protection Regulation (GDPR) legislation.
What do I need to do now?
- Make your decision makers and key people aware of the changes;
- Document personal information you hold, where it came from and who you share it with;
- Communicate privacy information and put a plan in place;
- Check your procedures to ensure they cover all individual rights;
- Subject access requests – update your procedure and plan how to handle requests for data;
- Identify the lawful basis for your processing activity;
- Review how you seek, record and manage consent and whether you need to make any changes;
- Children – put systems in place to verify individuals’ age and obtain consent from parents/guardians;
- Data Protection by Design & Data Protection Impact Statements – work out how and when to implement them;
- Appoint a Data Protection Officer – appoint someone to take responsibility for compliance and data requests;
- International – if you also have companies in, do business with, or have suppliers from non-EU states, you'll need to determine your lead data protection supervisory authority.

As you've identified, there is lots to do, so it is highly recommended that you seek professional advice if you remain unsure of how to tackle the list above.
aspire cambridge can guide your business through this period of change, provide ongoing support and advice, and offer a GDPR Toolkit, which includes everything you need to get compliant.
The GDPR Toolkit contains the following:
- Consent Form for Employees who Leave
- Consent Form for Existing Employees
- Consent Form for New Employees
- Data Breach Notification Policy
- Data Deletion Request Form
- Data Protection Policy (GDPR)
- Data Rectification Request Form
- Data Restriction Request Form
- Data Transfer Security Policy
- Employee Privacy Notice
- GDPR Factsheet
- GDPR FAQ
- HR Data Audit Form
- HR Data Record
- Job Applicant Privacy Notice
- Managing a Breach Flowchart
- Monitoring Policy
- Policy on Data Subject Rights
- Subject Access Request Form
- Subject Access Request Policy
Cost: £1695 +VAT
In addition to the GDPR Toolkit, we provide GDPR Training for employees. This 3-hour training session highlights the implications of GDPR and walks your employees through their responsibilities. Cost: £295 +VAT
Alternatively, you can opt for the solo GDPR Policy at £249 + VAT.
If you are interested in learning more about GDPR and the implications for your business, including the roll-out of its procedures and policies, please contact us on 01223 855441 today.