GDPR – What do you need to do?
The General Data Protection Regulation is now fully in force. This applies Europe-wide.
All firms need to address the following –
- Risk assessment – map the data you hold, identify the lawful basis on which you process it, review how long you keep it, and satisfy yourself you are taking reasonable steps to secure it.
- Review consents, if you are relying on them.
- Appoint a Data Protection Officer if you need to.
- Record keeping.
- Train staff.
- Review your recruitment procedures.
- Review your contracts with data processors
- Check whether you are transferring data outside the EEA (e.g. cloud providers) and make sure you have a lawful basis for doing so.
How Legal Risk can help
We can help with your risk assessment process.
We can also advise on documentation and dealing with subject access requests and other issues which may arise in practice.
Useful links can be found here.
For specialist legal advice on GDPR please contact Frank.
0345 330 6791 Frank.Maher@legalrisk.co.uk