The key personnel in your organisation should be aware that the data protection law is changing. Team members should have GDPR training provided by the organisation.
A key person should be appointed to take overall responsibility for complying with GDPR and for ensuring data protection has a very high priority within the organisation.
Organisations should review and enhance their risk management processes and record their actions.
Think about what could cause a data breach or security problem in the organisation and what you could do to reduce the risks of a breach.
Think about the risks relating to paper records and electronic records and how you can mitigate these risks.
Some DO’s and DO NOT’s
- Do not leave people’s information out on your desk
- Do lock filing cabinets
- Do not leave data displayed on a screen (use a screensaver)
- Do not leave your computer logged on and unattended
- Do change your password frequently
- Do not choose a password that’s easy to guess
- Do not give your password to anyone, ever!
- Never send anything by fax or e-mail that you wouldn’t put on the back of a postcard
- Do not disclose any personal information without the data subject’s consent or verifying the enquirer (e.g. phone the police officer back via the station switch board)
And finally, …
Never put anything on email that you don’t want to see on the front page of the Daily Mail because…
The internet never forgets!
- Make a list of all the things in your organisation that could cause a data protection breach or a security issue. Then add the risk involved and what you have done or need to do to mitigate the risk. This is your first step in being able to demonstrate that you are working towards compliance with GDPR requirements
- All organisations should ensure they have a clear, robust, binding written contract with their business management software suppliers and that all other external data processors ensure they comply with GDPR.
Think about the data protection dangers and ask yourself:
- Who can hear your phone call?
- Who are you actually talking to?
- Do they really need to know?
- Who can see your PC screen?
- Where does waste paper go?
- Provide training to all team members
- Appoint a key person for data protection responsibilities
- Risk assess the current data protection compliance
- Enhance the data compliance policies and procedures
- Make a list of all the things in your organisation that could cause a data protection breach or a security issue
- Have robust contracts with business management software suppliers and that all other external data processors ensure they comply with GDPR.