First in this series where we walk through the steps suggested by ico uk to help explain the provisions in the GDPR for day-to-day impact.
Step 1: Awareness
You should make sure that decision makers and key people in your organisation are aware that the law is changing to the GDPR. They need to appreciate the impact this is likely to have.
As a small agency we do not have a deep structure to arrange training and responsibilities. So for this step it is a little easier for us to plan. Though at the same time there are not so many people to delegate too so we scheduled part of the time each month to work on this. So we can draw up a roadmap for checklist documents for our contractors and partners when we take on new people are able to get up to speed and comply quickly.
We have been to legal GDPR talks and keeping team feed on worthwhile webinars and videos after reading the regulations. Being a digital agency we have had to dig in a little more to how we can get our customers compliant in their websites too.
Documents we have so far identified cover, data security for servers and databases, how to use databases in development without the production personal data, process a data subject deletion request, process a data subject access request and process a data breach.
We have also been reaching out to partners and clients to see that they have begun their awareness too.
Do you have a GDPR process that you still have questions about?
Send me your thoughts, We can advise you on roadmap steps to production.