Despite months of scaremongering in the news and weeks of ‘privacy’ emails flooding our inboxes, it is anticipated that most organisations will have failed to hit the GDPR deadline.
MHR’s Data Protection Officer, Lesley Holmes, advises businesses not to panic:
“If you’ve failed to meet today’s GDPR deadline it is not too late to start on your compliance journey.”
“From an employer point of view the biggest priority is to tell individuals what you’re doing with their personal data and get your privacy notice done as soon as possible.”
“As a first point of call you must identify what data you hold, why you collect it, what you do with it, the legal basis for doing so, how long you keep it for and who you share it with. By identifying the what, where, when, why and how, you can take your first steps towards compliance.”
“If you can demonstrate high standards of data management, then you are well placed to improve your operations and build the confidence and loyalty of customers, not to mention the peace of mind that comes from knowing that you’re minimising the risk of a potential breach and the damage this could cause to your business.”
Top Tips for HR and business leaders to get GDPR compliant
- Tell your employees what you are going to do with their data.
- Provide proper, regular GDPR training for all employees: all departments must be armed with knowledge if they are to successfully navigate the road ahead and avoid those eye-watering fines.
- Know the extent of the personal data your company processes and how it is used. A data audit will provide a clear picture of where you stand and what you need to do in order to achieve compliance.
Revise, rewrite, update
- Review your current business data processes. Consent clauses, where used, need to be looked at and possibly rewritten, with consent being re-obtained if you can’t use the soft opt-in. Contracts with third parties need to go through the same process, and systems need to be in place to cover the range of new employee rights.
- Review and update your data processing system, checking for gaps in compliance.
An experienced Data Protection Officer (DPO) and former Senior Information Management and Governance Consultant with a sustained record of delivering success in information governance (IG) and front-line services, Lesley is extremely experienced in data protection law. She previously worked on designing and developing new processes and procedures to improve productivity and enhance overall performance, meaning Lesley is a pragmatic leader and trusted team player who creates robust strategies to translate visions into reality.
Now working as MHR’s Data Protection Officer, Lesley’s recent career highlights include speaking at GovSec 2017, IRMS 2016 and Enterprise Search Europe 2015, and serving as a GDPR panellist for AIIM 2018.