Make sure you are prepared:

12 key areas to help you comply with GDPR*

As part of your business GDPR readiness assessment, we recommend a full website review to highlight onsite GDPR issues. Xigen can perform this review and report on suggested changes to your website** to comply with GDPR.

1. Awareness

You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have and identify areas that could cause compliance problems under the GDPR. It would be useful to start by looking at your organisation’s risk register, if you have one.

2. Information you hold

You should document what personal data you hold, where it came from and who you share it with. You may need to organise an information audit across the organisation or within particular business areas.

3. Communicating privacy information

When you collect personal data you currently have to give people certain information, such as your identity and how you intend to use their information. This is usually done through a privacy notice. Under the GDPR there are some additional things you will have to tell people.

4. Individuals’ rights

You should check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.

5. Subject access requests

If your organisation handles a large number of access requests, consider the logistical implications of having to deal with requests more quickly. You could consider whether it is feasible or desirable to develop systems that allow individuals to access their information easily online.

6. Lawful basis for processing personal data

You should identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it.

7. Consent

You should review how you seek, record and manage consent and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard.

8. Children

You should start thinking now about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian permission.

9. Data breaches

Some organisations are already required to notify the ICO (and possibly some other bodies) when they suffer a personal data breach. The GDPR introduces a duty on all organisations to report certain types of data breach to the ICO, and in some cases, to individuals.

10. Data Protection by Design and Data Protection Impact Assessments

It has always been good practice to adopt a privacy by design approach and to carry out a Privacy Impact Assessment (PIA) as part of this. However, the GDPR makes privacy by design an express legal requirement, under the term ‘data protection by design and by default’.

11. Data Protection Officers

You should designate someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. The appointment of a DPO is not mandatory and should be determined by you after performing a GDPR gap analysis.

12. International

If your organisation operates in more than one EU member state, you should determine your lead data protection supervisory authority and document this.

Get in touch to arrange your GDPR website compliance review

Simply fill in the form and we’ll be in touch with one of our dedicated reviewers to start the process.

We will never use or retain this information in order to send marketing communications to you.

*Information taken from Information Commissioner's Office (ICO) resources - ico.org.uk

**The website review does not cover any other business aspects of GDPR and merely covers one part of the new regulations. Other such areas will need to be addressed by you / the business separately.

Do you need a GDPR website review?

Make sure you are compliant by 25th May 2018, after which organisations that are not compliant may face heavy fines.

Xigen are here to help. Please get in touch if you're unsure or need any assistance.