Keeping on with GDPR
GDPR is ongoing. Organisations need to make sure that they keep up to date with any changes. The ICO website is the ideal place to do this. There may be changes or amendments and it is the responsibility of the person who is in charge of data protection to make sure that these have been implemented.
You will need to monitor and review information to make sure you are complying with your retention policies and that you remove any data that has passed its set retention period, as you promised you would in your privacy policy.
Where data is held and processed on a regular basis you will need to monitor for accuracy and make sure it is kept up to date.
If you identify any new processing activities, for example if your business expands, you would need to update your privacy policy to reflect any changes. If you do, it is a good idea to keep a copy of the previous version of your privacy policy so you have both versions available.
So it's a good idea, every now and again, to stop and review all of your GDPR policies.
Reviewing your internal data breach records can help to identify where more training is required or a change in policy may help to reduce the risks.
Monitoring the unsubscribes may help you to identify better ways of marketing and retaining customers. GDPR can actually be a very useful business tool; it helps to identify potential ways that you can improve your relationship with your customers.
Fines and scary emails
Most businesses in the UK received a lot of emails about how they were facing huge fines for not having their policies in place. A large number of these, as we are sure you know, were generated to frighten people into paying for "experts" to make them GDPR compliant.
There are companies that can review your policies and see if you are GDPR compliant, but achieving compliance would not be possible without the knowledge of the business that only those involved in the running of a business can attain. A small organisation that works hard to maintain GDPR compliance is unlikely to suddenly be subject to a huge fine but be aware that all complaints will eventually be investigated.
The fines that have been reported in the news are where organisations have suffered major data breaches involving the personal data of thousands of individuals. They have been fined large sums of money, but we can only assume that with GDPR the fine is going to fit the "crime".
Remember the ICO has a small business help line. Their site is extremely helpful; it provides an awful lot of information, and there are a lot of interactive tools that you can use to help you make a lot of decisions. It is not the big bad wolf that it has been made out to be.
Obviously, they may come and fine you, particularly if you are selling personal data or acting irresponsibly, but in many cases they may give you a rap over the knuckles if you're doing something wrong. The best thing to do is to make sure that you're compliant.
Use the information provided and follow best practice: treat other people's personal data in the same way you would want others to treat your personal data. GDPR is one of many aspects of running a business where you have a great responsibility, and ignorance is not going to be a good defence.