In our previous blog we talked about what GDPR is and an overview of what it means for your business or charity: What is GDPR? In this article, we provide some practical steps for getting your data processes up to scratch before GDPR comes into force in May 2018.
What should you do next to prepare your business or charity for GDPR?
1. Consolidate data
It will be much easier to ensure compliance if you know where all your data is. Document everything you hold across all departments and locations. Creating data maps through data workshops is a useful technique to get started.
2. Understand users
Are your users making copies of customer databases to work remotely; stored on desktops, mobiles or in the cloud? This data should be subject to the same data protection compliance or you could create systems to give access to central databases on the go.
3. Review consent
Consent cannot be inferred. Do you need to replace pre-ticked boxes on your websites or user interfaces? Are you recording how consent was given and providing the right to opt out?
4. Data extraction
Be ready for data requests. How easy is it to comply with information requests from individuals? Review your processes and systems to ensure that data extraction and updates, are intuitive and quick.
5. Privacy by design
Ensure that any new systems developed or adopted comply with privacy from the outset. This is particularly the case with automation or integration software projects.
For help getting your data processes and software ready for GDPR, get in touch with a data expert today.