12 Days of GDPR – Day 3 Communicating Privacy Information

What the ICO says –

“You should review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation.”

What does this mean for your organisation –

Time to dust off the privacy policies of your organisation and bring them kicking and screaming into the 21st century. That is, if you have them; if not, it is time to get them in place.

Privacy policies, as with all policies, need to be in plain English, comprehensive, and fair. Don’t forget that it’s not just the privacy notice that is needed. Does your organisation have a website? That will need a cookie policy. Does your organisation have CCTV? Again, a policy is needed for that. What about call recording? Yes, that requires documenting too.

There are many areas within an organisation that touch personally identifiable information, and each organisation is different, so one size does not fit all. Get this aspect right at the beginning, alongside a good Quality Management System, and it is highly likely that your organisation will start to see noticeable benefits.

Do you have employees? If you do, then they need to know, via privacy policies, how their data is processed before, during and after their employment with your organisation.

Web access monitoring, backups, physical paperwork: it all needs to be controlled correctly and documented so that it can be audited should the occasion arise.

The GDPR obligates an organisation to be lawful, fair and transparent when processing PII, and as most privacy policies are public, everyone can see them: staff, customers, competitors, law enforcement and the ICO. So the policies need to be bang on.

As you can see, there is a lot to do with regard to privacy notices and policies, but with good data management an organisation can use this as a positive, showing that it takes data protection seriously.

The 12 Days of GDPR snippets are not designed as a guide to make your organisation GDPR compliant, they are just to whet your appetite to get you started. BMGUK Consultancy Ltd has one of the few certified EU GDPR Practitioners in the UK, so get in touch and I can assist your organisation to become GDPR compliant.

What is the GDPR? – It is the new evolution of data protection across the EU. On May 25th, 2018 the General Data Protection Regulation becomes enforceable, so if your organisation processes personally identifiable information of any EU resident, you need to be prepared for the GDPR; otherwise your organisation could face significant penalties.

From the largest multinational down to the smallest of sports clubs anywhere in the world, if your organisation offers goods or services, even free ones, to EU residents then it is highly likely that your organisation will be required to comply with the GDPR.

Whether your organisation is based in the UK or overseas, get in touch with BMGUK Consultancy Ltd for all your GDPR needs.
