The EU General Data Protection Regulation (GDPR) is now in full effect. All businesses handling personal data of EU citizens must comply with its provisions. To support this, we’ve developed a series of blogs and briefings detailing the Regulation, its key impacts, and the necessary steps to ensure your business remains compliant.

How to Record Keep Within Your Organisation

Organisations with more than 250 employees must appoint a Data Protection Officer (DPO) and comply with stringent record-keeping requirements under the GDPR. Smaller organisations, while not required to appoint a DPO, must still adhere to applicable record-keeping measures based on the nature and scope of the data they process.

Your GDPR Compliance Strategy

• Small businesses may face greater challenges in budgeting for compliance. Starting early and spreading the workload and cost remains the most effective strategy.
• It’s essential to have procedures in place for security and breach notification. Proactively addressing these areas ensures smoother ongoing compliance.
• If your organisation has more than 250 employees and has not yet appointed a DPO, this needs to be addressed immediately.
• Engage with suppliers and other stakeholders to ensure they are also handling your data in a GDPR-compliant manner.
• Develop and implement processes to respond to data subject rights, such as the “right to be forgotten” and the “right to restriction.”

Planning

• Every organisation is unique. Develop a tailored implementation plan and allocate sufficient budget and resources to address any compliance gaps.

Prioritising

• Identify the compliance areas that pose the highest risk to your organisation.
• Start with high-risk areas and operational changes that require the most time and effort to implement.
• Prioritise actions that demand immediate attention and align them with your operational goals.