Am I ready for the changes to be implemented? GDPR update:

Post by: Laura Hamilton 01/05/2018

The changes to GDPR will become law from 25 May 2018; therefore, it may be beneficial to consider some important guidelines to ensure that your place of business is ready for this to happen.

The 10 most important pointers to confirm are:


  1. Consent must be obtained to hold any records;

  2. An employee can have access to their information and this must be provided;

  3. Any information must be kept in such a way that it is not obvious who it belongs to or what it contains (a code to encrypt the data may be helpful);

  4. Any information which can be anonymised should be. If you don’t need to know your employee by their data, i.e. for research analytics or statistics, then anonymise it;

  5. Encourage all employees to use complex passwords and not to share them with others. You may also benefit from imposing a requirement to regularly change these, i.e. every calendar month;

  6. Ensure remote working or transfer of data includes encryption so that data cannot be readily accessed and/or used;

  7. Ensure any devices, i.e. smartphones or tablets, are compliant with security access. If they are not, it may be beneficial to instead supply laptops or phones;

  8. Any personal information should only be processed for very specific purposes;

  9. Implement policies to measure the usage of employees and ensure compliance with the relevant principles;

  10. All records for compliance must be kept to prove that you are performing checks and collating data accurately.


Much of what is already in place will not change; however, the main changes relate to consent and the knowledge gained for the storing of data. To ensure you are not accidentally caught in a difficult situation, you will require a Data Protection Officer (DPO) to act as an individual to liaise with if things do go wrong.

Remember, if a breach occurs, the DPO must be notified within 72 hours of your awareness of this.

