As part of your business GDPR readiness assessment, we recommend a full website review to highlight onsite GDPR issues. Xigen can perform this review and report on suggested changes to your website** to comply with GDPR.

Arrange your GDPR website compliance review
You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have and identify areas that could cause compliance problems under the GDPR. It would be useful to start by looking at your organisation’s risk register, if you have one.
You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit across the organisation or within particular business areas.
When you collect personal data you currently have to give people certain information, such as your identity and how you intend to use their information. This is usually done through a privacy notice. Under the GDPR there are some additional things you will have to tell people.
You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
If your organisation handles a large number of access requests, consider the logistical implications of having to deal with requests more quickly. You could consider whether it is feasible or desirable to develop systems that allow individuals to access their information easily online.
You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.
You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.
You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian permission.
Some organisations are already required to notify the ICO (and possibly some other bodies) when they suffer a personal data breach. The GDPR introduces a duty on all organisations to report certain types of data breach to the ICO, and in some cases, to individuals.
It has always been good practice to adopt a privacy by design approach and to carry out a Privacy Impact Assessment (PIA) as part of this. However, the GDPR makes privacy by design an express legal requirement, under the term ‘data protection by design and by default’.
You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. The appointment of a DPO is not mandatory and should be determined by you after performing a GDPR gap analysis.
If your organisation operates in more than one EU member state, you should determine your lead data protection supervisory authority and document this.
Simply fill in the form and we’ll be in touch with one of our dedicated reviewers to start the process.
We will never use or retain this information in order to send marketing communications to you.
*Information taken from Information Commissioner's Office resources - ico.org.uk
**The website review does not cover any other business aspects of GDPR and merely covers one part of the new regulations. Other such areas will need to be addressed by you / the business separately.
Make sure you are compliant by 25th May 2018 – at which time those organisations in non-compliance may face heavy fines.
Xigen are here to help; please get in touch if you're unsure or need any assistance.