GDPR – What do you need to do?

The General Data Protection Regulation takes effect on 25 May 2018.

All firms need to address the following –

  • Risk assessment – map the data you hold, identify the lawful basis on which you process it, review how long you keep it, and satisfy yourself you are taking reasonable steps to secure it.
  • Review consents, if you are relying on them.
  • Appoint a Data Protection Officer if you need to.
  • Record keeping.
  • Train staff.
  • Review your recruitment procedures.
  • Review your contracts with data processors.
  • Check whether you are transferring data outside the EEA (e.g. cloud providers) and make sure you have a lawful basis for doing so.

How Legal Risk can help

We can help with your risk assessment process.

We can also advise on documentation and dealing with subject access requests and other issues which may arise in practice.

Useful links