And so it begins. The mad rush for companies to ensure their compliance with the GDPR before it comes into full force on the 25th of May. Indeed, the rush is so mad that the term ‘GDPR’ is currently being Googled even more than Beyoncé. While these may be troubling times for certain pop stars, we hope that those who are frantically Googling have covered most of their bases by now. If you haven’t, well, get ready to tap into that “doing all of your school homework on the last day of your summer holidays” mindset (a great start would be reading our previous blog post about what the GDPR is and how it works)! But for most companies, today will simply involve running some checks and making sure that everything has been put in place and is ready to go. As such, we have put together a quick checklist for you to run through before GDPR is officially implemented. Try not to panic too much!
- Have you formulated and documented a full account of what personal data is held by your company, where the information came from, and who it is shared with (if anyone)?
- Does the way your company processes data take into account and respect all the individual rights held by your customers, as outlined in the GDPR?
- Do you have the necessary provisions in place for deleting personal data or providing it in a clear and accessible format should a customer request it?
- Have you determined whether or not the methods used by your company to obtain, process, store and retain personal data are in accordance with the GDPR?
- Is your company’s data retention policy (i.e. the amount of time your company stores personal data) up to GDPR standard and are your customers aware of this?
- Have your customers been made aware of any changes to the way your company is collecting, organising, storing or altering their personal data?
- Furthermore, are the most important employees in your company aware of the new regulation and any new responsibilities they may have as a result?
- Is the way in which your company records and manages consent in line with the GDPR, with customers being told what their consent entails and informed about their right to withdraw consent before opting in?
- Does your company require a data privacy impact assessment (DPIA) and, if so, have you figured out how you would go about conducting one?
- Likewise, does your company need a data protection officer and, if so, how will you go about recruiting and managing them once they are a part of the company?
- Is your company equipped and prepared to handle data breaches in a timely manner and with procedures that meet the new reporting obligations outlined in the GDPR?
At Flexible Storage, we are fully compliant with the GDPR and will be happy to take this load off your shoulders. When you outsource document storage to a company that has knowledge and experience with data protection, you can focus on the growth and success of your business rather than matters of compliance. Get in touch with one of our professional storage consultants for a quote!