GDPR makes organisations more accountable for collecting, storing, and disposing of personal information and gives more control to individuals over how their personal data is used.

You should review and enhance your data protection risk management procedures to help prepare for the new legislation.

Here’s a short overview of what has changed and what you need to do for compliance: 

Video transcript

Here is an overview of what has changed and what you need to do for compliance:

· All team members should be aware that data protection law is changing.

· Everyone is responsible for data protection.

· Strict safety and security measures should be in place for:

      • Premises
      • CCTV
      • IT
      • Emails

· Make changes to your website.

· Become accountable for the information you hold.

· Start by making an inventory of all the personal data you hold on team members and customers.

· Determine your legal basis.

· Review and enhance your privacy notices for team members and customers.

· Be aware that personal privacy rights are changing.

· Individuals have the right to access their information without charge and within one month of the request.

· Decide if you should get consent for:

      • Newsletters
      • Text message reminders
      • Referrals
      • Photographs

· Data protection breaches must be reported within 72 hours to your DPA, unless the data was anonymised or encrypted.

· Mitigate risks using data protection impact assessments.

· Use a privacy by ‘design and default’ approach on everything you do.

· Appoint a Data Protection Officer if you are required to do so.

Our opinion

It is important to keep the GDPR changes in perspective. The intention is not to paralyse businesses in general and dental practices in particular, so our message is: stay grounded, make some changes, take the actions outlined and be vigilant with respect to privacy and data protection.

It is clear that this is an evolving situation and no one, not even the Data Protection Authorities, has all the answers to GDPR and its implications.

We will continue to evolve our thinking as new information becomes available and will keep you informed of any changes as they become apparent.