GDPR is approaching, and fast. By 25 May 2018 all businesses will need to ensure they are complying with the legislation. We believe that the changes that are expected to take place will be positive, promoting the need for everybody to treat personal data with respect.
We have always taken IT security seriously and have been investing in our infrastructure over the last 12 months to keep up with this ever-changing landscape. As such we are already well underway with our journey, and whilst we are not in a position to offer any advice directly we are hoping that by sharing our experiences with you we may inspire you in your own process. We will share an update with you after our monthly GDPR working party meetings. We won’t go into specifics, but we will give you an insight.
As far as we are concerned, every department in our firm has a responsibility to protect the data that they have access to, therefore our working party has representatives from all areas of the business – each of them has a unique insight into the GDPR process in their environment and together we will be able to roll out any changes across the firm quickly and efficiently.
We began our discussions by reviewing the ICO publication ‘12 steps to take now’. This has formed the basis of our planning. Each of these areas is being covered by dedicated sub-committees and the general approach being taken by these groups is as follows:
- Look at how this area affects us
- Look at where we are now
- Look at where we need to be
- Make a plan for how to get there
Sub-groups meet in between the monthly meetings and report back to the main group on their activity. Some areas that have been under discussion include:
- Our marketing and privacy policies are all being reviewed and updated to ensure we are compliant with GDPR. You may well hear from us in the next few months if we need to change anything
- We are analysing and reviewing all of the data that we hold on file
- We are contacting all of our third party suppliers to ensure that they are meeting their GDPR obligations
- We are making sure that staff are kept fully informed as to what is expected of them
We hope that you find this interesting and helpful. If you have any questions, please contact us and if we are able to provide an answer we will.