GDPR: Your First Steps to Compliance – AMS TV 14

Mark from All My Systems talks about how you need to change the way you collect and store data to be GDPR compliant.

GDPR applies to personal data, but what exactly is personal data?

It’s any data which relates to an identifiable person

This could be things like..

  • Purchase records
  • Feedback forms
  • Photos
  • Mailing lists

Basically, any data which can be used to identify a person

So, where do I start?

Well, first of all, you need to review your current data protection policies, then, identify all the systems you store data in, such as

  • CRMs
  • Email databases
  • Finance systems, and
  • HR systems

Then, identify exactly what data you’re collecting and how you use it. Look at each field you collect and why.

So, I know about the data I hold, what next?

You must have gained consent for each person’s record you’ve stored

Consent must be freely given, specific, informed, and unambiguous. So….

  • People must opt-in to giving you data. You can’t make assumptions or use pre-ticked boxes.
  • You must tell people exactly why you’re collecting their data and show them your privacy policy which lists everything you store about individuals (name, age, address, date of birth etc)
  • If you’ve collected details via a third party (rather than directly from the subject), you’ll have to actively notify them and give them your privacy policy
  • To be compliant, your system must show exactly how you obtained consent

Also, you need to be able to deal with requests

  • All staff must be trained and understand their responsibilities for GDPR requests
  • People now have the right to be forgotten and it is expected that this will happen immediately. You must be sure that you can do this on your system
  • People have the right to ask for a copy of all the data you hold about them. You’ll need to know how to find all that data, and then present it to people in a machine-readable format.

Have a look at Don’t Fear GDPR – Episode 13

Share on twitter
Twitter
Share on linkedin
LinkedIn

Get the latest articles sent to your inbox

Never more than weekly. No spam, ever.