The GDPR (General Data Protection Regulation) is finally upon us! Workshops are filling up, consultants’ diaries are blocked out, but some people still have lots of work to do.
The work involved to be GDPR compliant is going to be a nuisance and there is no getting around it! It’s a lot of work, but the best way is to categorise your methods and attack it from that angle. Marketing is the main area of concern. Working out the legal basis on which you’re marketing, putting good consent processes in place, and updating the privacy policy should come before anything else. Then you can look at you data collection, the holding of your data etc.
Collection of data can come in to the business via so many different channels. Phone, email, website contact forms etc. You need to look at where you are bringing your data in from and document those processes as best you can.
Making sure your IT infrastructure is performing the best it can be is vital. Do what needs to be done because nobody wants fined do they? Firewalls, endpoint security, encryption all these will benefit you massively in the long run and make life easier to be honest. The government endorsed Cyber Essentials course is one very good way to make sure you are ticking all the boxes that you need to be. Here at Bell Park Kerridge we are proud to say we are compliant with the Cyber Essentials scheme.