With GDPR now in force through the enactment of the Data Protection Act 2018, the most notable thing is that the panicked phone calls have stopped! Does this mean that all of our clients are completely compliant? We doubt it – however, there is the inevitable feeling that, now GDPR has been enacted and nobody died, it's all blown over.
We have been emphasising that the ethos of the GDPR can be summed up in three words: RESPONSIBILITY, ACCOUNTABILITY and DEMONSTRABILITY.
You are responsible for analysing what data you process and ensuring that you are compliant with the legislation. It is no longer enough to simply adopt a policy that someone else has drafted for you, or to rely on your service provider’s assurances as to the security of your data. You must take responsibility for your own data, and how it is processed and secured.
You will be accountable for the actions of the individuals within your organisation who come into contact with personal data, and for ensuring that any external suppliers and customers who have access to your personal data comply with the legislation. Make sure that you educate your staff as to what they should be doing. An “inward” facing data protection notice should set out how your organisation expects its staff to handle personal data, and you should ensure that each member of your staff is appropriately trained in their data protection obligations.
GDPR is all about making you think about what data you have and what you do with it. Even if you make the wrong decision about processing data in accordance with the legislation, the fact that you:
- identified the fact that personal data was being processed;
- made a judgement as to how this should be done in accordance with the legislation; and
- can reasonably justify that judgement;
will take you a long way in defending any claim for breach of the GDPR.
If you need any help with ensuring that your organisation is GDPR compliant, please contact Jane Rudge on 0121 227 3885 email email@example.com or James Monk on 0121 227 3366 email firstname.lastname@example.org