GDPR Countdown

GDPR comes into force on 25 May 2018. The new rules are intended to meet the needs of a digital age, and require a change in organisational attitude towards data privacy. 

With only a few weeks to go, here are our top tips for making sure you’re ready.

4 weeks to go: Data audit: if you've not already done one, do it now!

  • Determine who will undertake the audit; most likely representatives from different departments (e.g. HR, IT, legal). Make sure you identify who you will need to speak to during the audit, i.e. colleagues involved in payroll or recruitment.

  • Compile a list of your areas of interest: you can start by using your current privacy notice.

  • For each set of data, establish whether it is held in live or archive storage, where it is held and whether it is held by a third party.

  • Establish the lawful basis on which you process different categories of data.

  • Create an HR data record from your audit.

3 weeks to go: Update forms and contracts

  • Review your current policies relating to data protection and assess how these might need to be amended to comply with the new GDPR rules.

  • Update any forms and contracts as outlined by your data audit.

  • Re-confirm GDPR-compliant consent (i.e. lawful basis) to process data for existing employees and leavers, and ensure new systems are in place for recruitment and new starters.

  • Compile data privacy statements for all employees.

2 weeks to go: Communicate new rights with employees

  • Ensure line managers and any colleagues involved with recruitment and other data processing are trained in the new GDPR-compliant processes.

  • Communicate to employees what the changes mean for them and their data, and share data privacy statements.

  • Ensure employees are aware of their obligations to you under GDPR (including notifying of a breach) and provide training where necessary.

  • Determine whether you need to appoint a data protection officer and, if so, investigate who would be an appropriate person to fill this role.

1 week to go: Prepare for subject access requests

  • Set up systems to be able to respond to subject access requests “without delay”.

  • Consider creating a subject access request policy.

  • Ensure an HR representative is trained in dealing with a subject access request.
