After the countdown to GDPR, you might be a bit fed up with hearing about your data protection obligations. But making sure your business is compliant was only the first step. Now you need to start thinking about how to stay compliant.
Our Legal Team here at MarketInvoice have put together a list of some good places to start:
Data protection officer
Small businesses (under 250 employees) don’t need to have an official designated officer for this role, so you might not need one – yet. However informal the arrangement is right now, have you thought about who is responsible for data protection in your office? Another important thing to consider is how you’ll keep track of this requirement as the business grows.
As part of preparing for GDPR, you most likely reviewed and documented the processes in your business that involve personal data. Going forward, make sure you treat this log as an ongoing document. That means documenting any updates to processes and adding any new processes that involve data.
Awareness of GDPR is currently at an all-time high and you’ve probably held staff training on how to treat personal data for ongoing compliance. As time passes, you’ll need to refresh this training with all staff and consider how any new employees are being brought up to speed.
Updating policies on what you intend to do around retaining and effectively deleting data will only take you so far. Now’s the time to start considering new processes that you might need to introduce, for example to ensure that these policies are being adhered to and that data is actually being kept for the specified time only.
These are just a few helpful considerations and you may find there are numerous further steps you need to take to stay compliant. The key thing here is not to look at the data protection requirements as a one-off project. From now on, this will be an ongoing and constant consideration for your business.
Want to find out more? Check out the Independent Commissioner’s Office Guide to GDPR.