Okay, for business owners these four letters are a little haunting here in April 2018!
We made our preparations for GDPR last autumn so I would hope that we are able to give you a good summation of the work that needs to be done:
Your business does need to complete a checklist to show you have tackled these exercises before 25th May. Please do not work on the basis that you can pick this up on May 24! Completing the checklist in good time means that, should you have a data breach, the ICO, your insurers and the outside world will not see you as having been negligent.
There are three key areas you will need to address:
If you keep personal data on your business customers, and especially if you do so as a result of having a business-to-business website or other software held in the cloud, then you need to make sure that this data is kept to a minimum and up to date. You will need to have systems to make sure that old data is regularly removed and refreshed. You will need to have a purge of old data before May 25. For physical records, this would mean destroying old records that you are no longer legally required to hold. Electronic data also needs to be reviewed. This could be a long process, so please allow time for it.
If you send email attachments you need to consider whether there is sufficient encryption to prevent this information falling into the wrong hands by accident.
- Inform your world
Inform your customers and other contacts that you are compliant once you have carried out these processes. Your industry will suggest means by which you should be doing this. In our case we shall be issuing updated engagement letters.
If you would like a checklist, please drop me an email and I’ll be happy to forward this to you.