What are three easy steps you can take to become GDPR compliant?

Well, you could say that this title is a little misleading – GDPR compliance is not a tick box exercise.

There are, however, 3 easy steps you could take now which will set you on your way to becoming GDPR compliant.

Step 1: complete an internal audit.

• Who do you collect personal data from?
• What personal data do you collect?
• What personal data do you store?
• What personal data do you pass on to third parties?
• How do you use personal data?
• Why do you use personal data?

It is a legal requirement under the GDPR for data controllers to keep a record of this type of information. This is also a great starting point to help assess what other actions you need to take.

Step 2: issue a privacy notice to employees.

• The purpose of this step is twofold:
  ◦ Compliance: Compliance by you as data controller; and
  ◦ Awareness: Making your employees aware of the GDPR and the rules around processing personal data.
• Compliance: As an employer you will have collected personal data from your employees – name, date of birth, home address, emergency contact details, etc. Under the GDPR, individuals have the right to know what personal data of theirs is collected, stored, and processed; and how it is processed. This will be detailed in a privacy notice.
• Awareness: It is likely your employees will know of the GDPR and that changes are coming into effect, but not necessarily know anything about it. Providing them with a relatable example – their lives and their personal data – will hopefully provide a foundation for awareness on how the regulations apply to customer data.

Step 3: speak to a solicitor.

• I’m sure you all saw this coming, but the GDPR is not something to ignore. The penalties for non-compliance can be huge and include fines, compensation to data subjects, and legal costs.
• At Redfern Legal we can provide you with a free questionnaire to complete. Once you return it, we will provide you with a detailed list of documentation, processes and policies we think you should have in place that will help you be GDPR compliant.

Maria Hamber