With GDPR now just months away, there is obviously much discussion, concern and general rumour doing the rounds. To help you with your preparations, we have compiled a checklist of the things that you should be looking at.
Lawful basis for processing personal data
To make certain your business is able to comply with GDPR, you should review the various types of processing you carry out. You will then be able to identify your lawful basis for your processing activities, document it, and explain it in your privacy notice(s).
One of the key areas of GDPR is that of consent. Now is the time to review how you seek, record and manage consent. Your business should look at its current system for recording consent and implement the appropriate mechanisms to ensure an effective audit trail.
Communicating privacy information
Review your current privacy notices and plan to make any necessary changes in time for GDPR implementation.
Check your procedures to ensure that you can deliver the rights of individuals under the GDPR.
Review your procedures and have plans in place for how you will handle requests from individuals for access to their personal data within the new timescales outlined in the GDPR.