Steps to ensuring GDPR compliance
With the General Data Protection Regulation (GDPR) coming into play on 25th May 2018, many organisations are looking to clean and protect their data to ensure compliance, and the damage management industry is no different.
The regulation has been designed to safeguard EU citizens’ data privacy and reshape the way organisations approach data. It doesn’t matter whether your organisation has 10 employees or 1000, everyone is affected, and you must ensure compliance. To ensure you’re prepared for the important changes in data privacy, we have formulated 5 easy steps towards compliance.
The first step to ensuring GDPR compliance is to gather all your data. This is not just your mailing-list data, but also contracts and any personal and sensitive data you hold. You have to consider not only the type of data you have, but also where it is stored: collect everything from filing cabinets, databases, electronic files and website data.
Now you have collated your data, you must identify whether all the information you hold is necessary. For instance, it is likely that names and email addresses will be important to you, yet sensitive data such as sexuality, religion, race, health and criminal offences may not be essential to your organisation. If this is the case, you should clean out any unnecessary data and dispose of it correctly – shredding paper documents and emptying your computer ‘trash’.
You must inform individuals of your lawful basis for processing their personal data, usually in a Privacy Notice. This should state who you are as an organisation, what you are going to do with their data and who it will be shared with.
Although this information must be included, the way you communicate it doesn’t need to be purely corporate. You need to give your subscribers a reason to want to keep receiving your emails – what value can you add to their inbox? Focusing on the subscribers’ professional interests will help.
Individuals need to consent to you handling their data, so you need to give them a genuine choice. You will need to create clear opt-in and opt-out methods, records of consent and an easy way for people to withdraw.
Once you have cleaned and consented data, you need to ensure it is secure. GDPR requires personal data to be processed in a manner that protects against unauthorised or unlawful processing and against accidental loss, destruction or damage, using appropriate technical and organisational measures. This includes password-protecting data held on an online server and ensuring paper documents are filed and protected correctly.
Here at the BDMA, we have been adjusting and putting measures in place to ensure our data is safe and GDPR compliant.
*These tips are simply a guide and we recommend consulting with your IT support and the necessary personnel, to ensure compliance for your specific organisation.*