You’ve updated your privacy policies, documented how you collect, store and process personal data and added a cookie consent manager to your website – but GDPR compliance doesn’t stop there. Now you need to focus on staying compliant – that means making sure standards don’t slip and you’re fully prepared to manage any subject access requests or to report data breaches to the ICO. Here are our top tips to help you stay compliant:
- Train and retrain your team. They are at the heart of your compliance strategy, so make sure training is repeated annually to reinforce and update their knowledge. Also, make sure all new employees take GDPR training when onboarding so that they’re prepared from the start.
- Evaluate all new processes which involve personal data – do you have a legitimate basis for processing the data? Is it a special category of data? Are you collecting children’s data?
- Create a succession plan for your DPO or data privacy representatives in the business – if they leave, is there someone else who can take their place immediately? Are they aware of the processes that need to be followed in the event of a subject access request or data breach?
- Check whether you need to register with your local Data Protection Authority and whether you are required to pay a fee – and don’t forget to take note of the renewal date.
- Carry out regular ‘dry runs’ for the event of a data breach or subject access request. Involve several members of the team to ensure it could be appropriately managed even if your data protection representative is away from work.
- Make sure any new technologies added to your website or backend systems have been accounted for in your policies and information notices.
All of this is made simple with your subscription to Sovy GDPR Privacy Essentials℠. Put data privacy at the heart of your business today.