Breaking down GDPR for fast-growth businesses – GDPR.Report
With all the noise about GDPR and the 25 May 2018 deadline edging closer, we’re still seeing a lot of confusion from businesses about what they actually need to do to comply. There’s an understanding of the risk of reputational and financial exposure, but what does a game plan actually look like? How in-depth an overhaul is required?

When it comes to managing personal data, each business is responsible for assessing the degree of risk that its activities pose. While there’s no “one size fits all”, there are some practical steps you can take. This element is an ongoing requirement and needs to keep up with your business as it grows.

As an employer, tightening up on how you share data within the organisation is key. This means moving away from relying on consent when processing employee data and focusing on other justifications, such as contract performance and legal obligations as well as administrative reasons and workplace efficiency. Make sure you check and update employment contracts and handbooks, and that your people understand – ideally via training – how to handle data. A DPIA is critical for high-risk data (large-scale processing or sensitive personal data).

—gdpr.report