SlideShare a Scribd company logo

12 steps to prepare for GDPR

Gary Chambers
Gary Chambers

PIB Insurance Brokers are pleased to present - 12 Steps to prepare for the GDPR

Business
1 of 6
Download to read offline
PIB Insurance Brokers present: 12 Steps to Prepare for GDPR
Presented by PIB Insurance Brokers On 25 May 2018, the General Data Protection Regulation (GDPR) comes into effect in the EU and across the United Kingdom. The GDPR replaces the Data Protection Act (DPA) and ushers in expanded rights to individuals and their data, and places greater obligations on businesses and other entities that process personal data. Many of the GDPR’s main concepts and principles are the same as those in the DPA, so if you are complying properly with the DPA much of your approach to compliance will remain valid under the GDPR and can be a starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently. It is essential to plan your approach to GDPR compliance now and to gain buy-in from key people in your organisation. That is why PIB Insurance Brokers is here with guidance and a checklist from the Information Commissioner’s Office (ICO) to help you prepare for compliance in 2018. Compliance with all the areas listed in this checklist will require you to review your approach to governance and how you manage data protection. Use the following checklist to map out which parts of the GDPR will have the greatest impact on your business model, and create a plan to focus on those areas in your planning process. STEP 1: AWARENESS Make sure that decision makers and key people in your organisation are aware that the law is changing. They need to appreciate the GDPR’s impact. YES NO ADDITIONAL NOTES Are the key decision makers at your organisation aware that the GDPR will force you to change the way you conduct business? Do the key decision makers know how the GDPR will affect your organisation? Do the key decision makers at your organisation know what the requirements of the GDPR are? Do the key decision makers at your organisation have a plan for how you will become GDPR compliant?
STEP 3: COMMUNICATING PRIVACY INFORMATION Review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation. YES NO ADDITIONAL NOTES Has your organisation reviewed its current privacy notices? Does your organisation have a plan in place for making necessary changes to your privacy notices? Does your organisation know what changes need to be made in order to comply with the GDPR? STEP 4: INDIVIDUALS’ RIGHTS Check your procedures to ensure they cover individuals’ rights, including how you would delete personal data or provide data electronically in a commonly used format. YES NO ADDITIONAL NOTES Do your procedures cover all the rights that individuals have under the GDPR? Do your procedures allow individuals to delete their personal data? When deleting personal data, would your systems help you locate and delete data? Who will make the decisions about deletion? Do your procedures provide individuals with their data electronically and in a commonly used format? STEP 5: SUBJECT ACCESS REQUESTS Update your procedures and plan how you will handle requests within the new timescales and provide any additional information. YES NO ADDITIONAL NOTES Has your organisation updated its procedures for how you will handle subject access requests? Will your organisation be able to comply with subject access requests within one month, rather than the DPA’s 40 days? Does your organisation have a plan for how it will handle subject access requests? Is your organisation ready to refuse a request, which will involve you telling the individual why and that they have the right to complain to the supervisory authority and to a judicial remedy? Will you be able to do this without undue delay, and within one month? Is your organisation able to provide additional information upon request about subject access?
STEP 6: LAWFUL BASIS FOR PROCESSING PERSONAL DATA Identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it. YES NO ADDITIONAL NOTES Has your organisation identified the lawful basis for your processing in the GDPR? Does your organisation have a method to document how you process personal data? Has your organisation updated your privacy notice to reflect the lawful basis for processing personal data? STEP 7: CONSENT Review how you seek, record and manage consent, and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard. YES NO ADDITIONAL NOTES Has your organisation reviewed how it seeks consent? Has your organisation reviewed how it records consent? Has your organisation reviewed how it manages consent? Does your organisation need to make any changes in its process of obtaining consent? Does your organisation have simple ways for people to withdraw consent? Is your consent separate from other terms and conditions? Can your organisation’s existing consents be updated to meet the GDPR standard, meaning are they specific, granular, clear, prominent, opt-in, properly documented and easily withdrawn? STEP 8: CHILDREN Think about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity. YES NO ADDITIONAL NOTES Does your organisation have a system in place to verify individuals’ ages? Does your organisation have a system in place to obtain parental or guardian consent for any data processing activity?
STEP 9: DATA BREACHES Make sure you have the right procedures in place to detect, report and investigate a personal data breach. YES NO ADDITIONAL NOTES Does your organisation have a procedure in place to detect a personal data breach? Now that the GDPR introduces a duty on all organisations to report certain types of data breaches to the ICO, and, in some cases, to individuals, does your organisation have a procedure in place to report a personal data breach? Does your organisation have a procedure in place to investigate a personal data breach? Does your organisation need to assess the type of personal data it holds and document when it would be required to notify the ICO or affected individuals if a breach occurred? STEP 10: DATA PROTECTION BY DESIGN AND DATA PROTECTION IMPACT ASSESSMENTS Familiarise yourself with the ICO’s code of practice on privacy impact assessments as well as the latest guidance from the Article 29 Working Party, and figure out how and when to implement them in your organisation. YES NO ADDITIONAL NOTES Is your organisation familiar with the ICO’s code of practice on privacy impact assessments? Does your organisation have a strategy on how and when to implement the ICO’s code of practice on privacy impact assessments? Is your organisation familiar with the latest guidance from Article 29 Working Party? Does your organisation know how and when to implement Article 29 Working Party? Does your organisation know whether it is required to undertake a data protection impact assessment (DPIA)? DPIAs are required in situations where data processing is likely to result in high risk to individuals, such as when a new technology is deployed or when a profiling operation is likely to significantly affect individuals. STEP 11: DATA PROTECTION OFFICERS Designate someone to take responsibility for data protection compliance and assess where this role will sit in your organisation’s structure and governance arrangements. Consider whether you are required to formally designate a data protection officer. YES NO ADDITIONAL NOTES Has your organisation designated someone to take responsibility for data protection compliance? Has your organisation considered whether it is required to formally designate a data protection officer (DPO)? You must designate a DPO if you are a public authority, an organisation that carries out regular and systematic monitoring of individuals on a large scale, or an organisation that carries out the large scale processing of special categories of data, such as health records or information about criminal convictions. Has your organisation assessed where the data protection officer(s) will sit within your organisation’s structure and governance arrangements?
STEP 12: INTERNATIONAL If your firm operates in more than one EU member state, including carrying out cross-border processing, you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you. YES NO ADDITIONAL NOTES Does your organisation operate in more than one EU member state? If your organisation has establishments in more than one EU member state or you have a single establishment that carries out processing that substantially affects individuals in other EU states, has your organisation mapped out where it makes its most significant decisions about its processing activities? This will help to determine your ‘main establishment’ and, therefore, your lead supervisory authority. Has your organisation determined your lead data protection supervisory authority? Use Article 29 Working Party guidelines to determine this. This checklist is of general interest and is not intended to apply to specific circumstances. It does not purport to be a comprehensive analysis of all matters relevant to its subject matter. The content should not, therefore, be regarded as constituting legal advice and not be relied upon as such. In relation to any particular problem which they may have, readers are advised to seek specific advice. Further, the law may have changed since first publication and the reader is cautioned accordingly. Contains public sector information published by the ICO and licensed under the Open Government Licence v3.0. Design © 2017 Zywave, Inc. All rights reserved.

Recommended

GDPR 12 Steps infographic
GDPR 12 Steps infographic GDPR 12 Steps infographic
GDPR 12 Steps infographic
Ermine Amies
 
DAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland - GDPR
DAMA Ireland - GDPR
DAMA Ireland
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR compliance
Sarah Fox
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
How to get your business GDPR ready
How to get your business GDPR readyHow to get your business GDPR ready
How to get your business GDPR ready
Premier EPOS
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
HackerOne
 
ICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPRICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPR
Benjamin Dibble
 
GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu...
GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu...GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu...
GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu...
ObservePoint
 

Recommended

GDPR 12 Steps infographic
GDPR 12 Steps infographic GDPR 12 Steps infographic
GDPR 12 Steps infographic
Ermine Amies
 
DAMA Ireland - GDPR
DAMA Ireland - GDPRDAMA Ireland - GDPR
DAMA Ireland - GDPR
DAMA Ireland
 
Checklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR complianceChecklist for SMEs for GDPR compliance
Checklist for SMEs for GDPR compliance
Sarah Fox
 
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
Six Steps to Addressing Data Governance under GDPR and US Privacy Shield Regu...
DATUM LLC
 
How to get your business GDPR ready
How to get your business GDPR readyHow to get your business GDPR ready
How to get your business GDPR ready
Premier EPOS
 
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take NowGDPR Guide: The ICO's 12 Recommended Steps To Take Now
GDPR Guide: The ICO's 12 Recommended Steps To Take Now
HackerOne
 
ICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPRICO's Guide to Preparing for the GDPR
ICO's Guide to Preparing for the GDPR
Benjamin Dibble
 
GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu...
GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu...GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu...
GDPR ASAP: A Seven-Step Guide to Prepare for the General Data Protection Regu...
ObservePoint
 
Teradata's approach to addressing GDPR
Teradata's approach to addressing GDPRTeradata's approach to addressing GDPR
Teradata's approach to addressing GDPR
Paul O'Carroll
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
Ulf Mattsson
 
GDPR How to get started?
GDPR How to get started?GDPR How to get started?
GDPR How to get started?
Peter Witsenburg
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
DATUM LLC
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
Ulf Mattsson
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
The Pathway Group
 
A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparation
Promapp Solutions
 
Do You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleDo You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? Article
Ulf Mattsson
 
VMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckVMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide Deck
Kyle Davies
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
Vuzion
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!
Fintan Swanton
 
Developer view on new EU privacy legislation (GDPR)
Developer view on new EU privacy legislation (GDPR)Developer view on new EU privacy legislation (GDPR)
Developer view on new EU privacy legislation (GDPR)
Exove
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) Changes
Ogilvy Consulting
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
Sudarsan Reddy
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
Tim Gough
 
GDPR Readiness
GDPR ReadinessGDPR Readiness
GDPR Readiness
NGA Human Resources
 
GDPR
GDPRGDPR
GDPR
Gopi PD
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
Cobweb
 
Data breaches, privacy programs and what will change for processors
Data breaches, privacy programs and what will change for processorsData breaches, privacy programs and what will change for processors
Data breaches, privacy programs and what will change for processors
Exove
 
GDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-stepsGDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-steps
Dean Bonehill ♠Technology for Business♠
 
Are you GDPR ready for EU General Data Protection Regulation?
Are you GDPR ready for EU General Data Protection Regulation?Are you GDPR ready for EU General Data Protection Regulation?
Are you GDPR ready for EU General Data Protection Regulation?
Fraser Hay
 
GDPR - what you need to know
GDPR - what you need to know GDPR - what you need to know
GDPR - what you need to know
Maddie Malling-May
 

More Related Content

What's hot

A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparation
Promapp Solutions
 

What's hot (19)

Teradata's approach to addressing GDPR
Teradata's approach to addressing GDPRTeradata's approach to addressing GDPR
Teradata's approach to addressing GDPR
 
Gdpr action plan
Gdpr action plan Gdpr action plan
Gdpr action plan
 
GDPR How to get started?
GDPR How to get started?GDPR How to get started?
GDPR How to get started?
 
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?GDPR: Is Your Organization Ready for the General Data Protection Regulation?
GDPR: Is Your Organization Ready for the General Data Protection Regulation?
 
Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?Do You Have a Roadmap for EU GDPR Compliance?
Do You Have a Roadmap for EU GDPR Compliance?
 
An Overview of GDPR
An Overview of GDPR An Overview of GDPR
An Overview of GDPR
 
A practical guide to GDPR preparation
A practical guide to GDPR preparationA practical guide to GDPR preparation
A practical guide to GDPR preparation
 
Do You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? ArticleDo You Have a Roadmap for EU GDPR Compliance? Article
Do You Have a Roadmap for EU GDPR Compliance? Article
 
VMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide DeckVMTN6642E - GDPR Slide Deck
VMTN6642E - GDPR Slide Deck
 
Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event Vuzion Love Cloud GDPR Event
Vuzion Love Cloud GDPR Event
 
GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!GDPR - Fail to Prepare, Prepare to Fail!
GDPR - Fail to Prepare, Prepare to Fail!
 
Developer view on new EU privacy legislation (GDPR)
Developer view on new EU privacy legislation (GDPR)Developer view on new EU privacy legislation (GDPR)
Developer view on new EU privacy legislation (GDPR)
 
What's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) ChangesWhat's Next - General Data Protection Regulation (GDPR) Changes
What's Next - General Data Protection Regulation (GDPR) Changes
 
Gdpr presentation
Gdpr presentationGdpr presentation
Gdpr presentation
 
Building a register of data processing
Building a register of data processingBuilding a register of data processing
Building a register of data processing
 
GDPR Readiness
GDPR ReadinessGDPR Readiness
GDPR Readiness
 
GDPR
GDPRGDPR
GDPR
 
GDPR: Your Journey to Compliance
GDPR: Your Journey to ComplianceGDPR: Your Journey to Compliance
GDPR: Your Journey to Compliance
 
Data breaches, privacy programs and what will change for processors
Data breaches, privacy programs and what will change for processorsData breaches, privacy programs and what will change for processors
Data breaches, privacy programs and what will change for processors
 

Similar to 12 steps to prepare for GDPR

A Brief Overview on GDPR
A Brief Overview on GDPRA Brief Overview on GDPR
A Brief Overview on GDPR
Neha Patel
 
GDPRIBMWhitePaper
GDPRIBMWhitePaperGDPRIBMWhitePaper
GDPRIBMWhitePaper
Jim Wilson
 

Similar to 12 steps to prepare for GDPR (20)

GDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-stepsGDPR Preparing for-the-gdpr-12-steps
GDPR Preparing for-the-gdpr-12-steps
 
Are you GDPR ready for EU General Data Protection Regulation?
Are you GDPR ready for EU General Data Protection Regulation?Are you GDPR ready for EU General Data Protection Regulation?
Are you GDPR ready for EU General Data Protection Regulation?
 
GDPR - what you need to know
GDPR - what you need to know GDPR - what you need to know
GDPR - what you need to know
 
How to get started with being GDPR compliant
How to get started with being GDPR compliantHow to get started with being GDPR compliant
How to get started with being GDPR compliant
 
General data protection regulation gdpr audit 2018
General data protection regulation gdpr audit 2018General data protection regulation gdpr audit 2018
General data protection regulation gdpr audit 2018
 
GDPR Audit 2018
GDPR Audit 2018GDPR Audit 2018
GDPR Audit 2018
 
Are you GDPR Ready? Checklist Whitepaper
Are you GDPR Ready? Checklist WhitepaperAre you GDPR Ready? Checklist Whitepaper
Are you GDPR Ready? Checklist Whitepaper
 
How will GDPR affect small businesses?
How will GDPR affect small businesses?How will GDPR affect small businesses?
How will GDPR affect small businesses?
 
GDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc MichaelsGDPR Ready Presentation - Marc Michaels
GDPR Ready Presentation - Marc Michaels
 
GDPR Compliance with Microsoft 365
GDPR Compliance with Microsoft 365 GDPR Compliance with Microsoft 365
GDPR Compliance with Microsoft 365
 
Are you GDPRed yet?
Are you GDPRed yet?Are you GDPRed yet?
Are you GDPRed yet?
 
2018 Client Briefing GDPR
2018 Client Briefing GDPR2018 Client Briefing GDPR
2018 Client Briefing GDPR
 
GDPR Changing Mindset
GDPR Changing MindsetGDPR Changing Mindset
GDPR Changing Mindset
 
Horner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPRHorner Downey & Co Newsletter- GDPR
Horner Downey & Co Newsletter- GDPR
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to Act
 
GDPR Seminar Slides
GDPR Seminar SlidesGDPR Seminar Slides
GDPR Seminar Slides
 
A Brief Overview on GDPR
A Brief Overview on GDPRA Brief Overview on GDPR
A Brief Overview on GDPR
 
GDPR most actionable cheatsheet and checklist by cyberstratg
GDPR most actionable cheatsheet and checklist by cyberstratgGDPR most actionable cheatsheet and checklist by cyberstratg
GDPR most actionable cheatsheet and checklist by cyberstratg
 
The Basics of GDPR
The Basics of GDPR The Basics of GDPR
The Basics of GDPR
 
GDPRIBMWhitePaper
GDPRIBMWhitePaperGDPRIBMWhitePaper
GDPRIBMWhitePaper
 

More from Gary Chambers

Professional Indemnity
Professional IndemnityProfessional Indemnity
Professional Indemnity
Gary Chambers
 

More from Gary Chambers (20)

Cyber Security Breaches Survey 2018
Cyber Security Breaches Survey 2018Cyber Security Breaches Survey 2018
Cyber Security Breaches Survey 2018
 
Millennially Minded - Future of Work
Millennially Minded - Future of WorkMillennially Minded - Future of Work
Millennially Minded - Future of Work
 
Cyber Risks - Legal innovation 2018
Cyber Risks - Legal innovation 2018Cyber Risks - Legal innovation 2018
Cyber Risks - Legal innovation 2018
 
UK Employee Absence - Provided by Raconteur
UK Employee Absence - Provided by RaconteurUK Employee Absence - Provided by Raconteur
UK Employee Absence - Provided by Raconteur
 
The Wannacry Effect - Provided by Raconteur
The Wannacry Effect - Provided by RaconteurThe Wannacry Effect - Provided by Raconteur
The Wannacry Effect - Provided by Raconteur
 
Banned buzzwords by Raconteur
Banned buzzwords by RaconteurBanned buzzwords by Raconteur
Banned buzzwords by Raconteur
 
Benefits of Cyber Insurance
Benefits of Cyber InsuranceBenefits of Cyber Insurance
Benefits of Cyber Insurance
 
Regulatory Update - Criminal finances Act
Regulatory Update - Criminal finances ActRegulatory Update - Criminal finances Act
Regulatory Update - Criminal finances Act
 
Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017Cyber Risks & Liabilities - Sept/Oct 2017
Cyber Risks & Liabilities - Sept/Oct 2017
 
Energy Efficiency Insurance Brochure
Energy Efficiency Insurance BrochureEnergy Efficiency Insurance Brochure
Energy Efficiency Insurance Brochure
 
Risk Insight - Employee Internet Usage at Work
Risk Insight - Employee Internet Usage at WorkRisk Insight - Employee Internet Usage at Work
Risk Insight - Employee Internet Usage at Work
 
Employment Law - Criminal Record Checks
Employment Law - Criminal Record ChecksEmployment Law - Criminal Record Checks
Employment Law - Criminal Record Checks
 
HSE Safety Cornerstones - August 2017
HSE Safety Cornerstones - August 2017HSE Safety Cornerstones - August 2017
HSE Safety Cornerstones - August 2017
 
HSE Business Plan2017/18
HSE Business Plan2017/18HSE Business Plan2017/18
HSE Business Plan2017/18
 
News brief - Spring Budget 2017 highlights
News brief - Spring Budget 2017 highlightsNews brief - Spring Budget 2017 highlights
News brief - Spring Budget 2017 highlights
 
HR Brief - First Quarter
HR Brief - First QuarterHR Brief - First Quarter
HR Brief - First Quarter
 
Bring your own device guidance
Bring your own device guidanceBring your own device guidance
Bring your own device guidance
 
Cyber risks and liabilities February 2017
Cyber risks and liabilities February 2017Cyber risks and liabilities February 2017
Cyber risks and liabilities February 2017
 
2016 Cyber Security Breaches Survey for the UK
2016 Cyber Security Breaches Survey for the UK2016 Cyber Security Breaches Survey for the UK
2016 Cyber Security Breaches Survey for the UK
 
Professional Indemnity
Professional IndemnityProfessional Indemnity
Professional Indemnity
 

Recently uploaded

👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
rajveerescorts2022
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
dollysharma2066
 
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLJAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
kapoorjyoti4444
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
Workforce Group
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Anamikakaur10
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Sheetaleventcompany
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
uneakwhite
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
daisycvs
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
dlhescort
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
amitlee9823
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
kapoorjyoti4444
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
amitlee9823
 

Recently uploaded (20)

👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
👉Chandigarh Call Girls 👉9878799926👉Just Call👉Chandigarh Call Girl In Chandiga...
 
Value Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and painsValue Proposition canvas- Customer needs and pains
Value Proposition canvas- Customer needs and pains
 
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
Call Girls Service In Old Town Dubai ((0551707352)) Old Town Dubai Call Girl ...
 
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
FULL ENJOY Call Girls In Mahipalpur Delhi Contact Us 8377877756
 
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLJAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
JAYNAGAR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Cracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptxCracking the Cultural Competence Code.pptx
Cracking the Cultural Competence Code.pptx
 
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
Cheap Rate Call Girls In Noida Sector 62 Metro 959961乂3876
 
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
Call Now ☎️🔝 9332606886🔝 Call Girls ❤ Service In Bhilwara Female Escorts Serv...
 
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 MonthsSEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
SEO Case Study: How I Increased SEO Traffic & Ranking by 50-60% in 6 Months
 
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
Call Girls Zirakpur👧 Book Now📱7837612180 📞👉Call Girl Service In Zirakpur No A...
 
Uneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration PresentationUneak White's Personal Brand Exploration Presentation
Uneak White's Personal Brand Exploration Presentation
 
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai KuwaitThe Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
The Abortion pills for sale in Qatar@Doha [+27737758557] []Deira Dubai Kuwait
 
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
Call Girls in Delhi, Escort Service Available 24x7 in Delhi 959961-/-3876
 
It will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 MayIt will be International Nurses' Day on 12 May
It will be International Nurses' Day on 12 May
 
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
Call Girls Kengeri Satellite Town Just Call 👗 7737669865 👗 Top Class Call Gir...
 
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRLBAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
BAGALUR CALL GIRL IN 98274*61493 ❤CALL GIRLS IN ESCORT SERVICE❤CALL GIRL
 
Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1Katrina Personal Brand Project and portfolio 1
Katrina Personal Brand Project and portfolio 1
 
Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024Marel Q1 2024 Investor Presentation from May 8, 2024
Marel Q1 2024 Investor Presentation from May 8, 2024
 
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
Nelamangala Call Girls: 🍓 7737669865 🍓 High Profile Model Escorts | Bangalore...
 
How to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League CityHow to Get Started in Social Media for Art League City
How to Get Started in Social Media for Art League City
 

12 steps to prepare for GDPR

  • 2. Presented by PIB Insurance Brokers On 25 May 2018, the General Data Protection Regulation (GDPR) comes into effect in the EU and across the United Kingdom. The GDPR replaces the Data Protection Act (DPA) and ushers in expanded rights to individuals and their data, and places greater obligations on businesses and other entities that process personal data. Many of the GDPR’s main concepts and principles are the same as those in the DPA, so if you are complying properly with the DPA much of your approach to compliance will remain valid under the GDPR and can be a starting point to build from. However, there are new elements and significant enhancements, so you will have to do some things for the first time and some things differently. It is essential to plan your approach to GDPR compliance now and to gain buy-in from key people in your organisation. That is why PIB Insurance Brokers is here with guidance and a checklist from the Information Commissioner’s Office (ICO) to help you prepare for compliance in 2018. Compliance with all the areas listed in this checklist will require you to review your approach to governance and how you manage data protection. Use the following checklist to map out which parts of the GDPR will have the greatest impact on your business model, and create a plan to focus on those areas in your planning process. STEP 1: AWARENESS Make sure that decision makers and key people in your organisation are aware that the law is changing. They need to appreciate the GDPR’s impact. YES NO ADDITIONAL NOTES Are the key decision makers at your organisation aware that the GDPR will force you to change the way you conduct business? Do the key decision makers know how the GDPR will affect your organisation? Do the key decision makers at your organisation know what the requirements of the GDPR are? Do the key decision makers at your organisation have a plan for how you will become GDPR compliant?
  • 3. STEP 3: COMMUNICATING PRIVACY INFORMATION Review your current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation. YES NO ADDITIONAL NOTES Has your organisation reviewed its current privacy notices? Does your organisation have a plan in place for making necessary changes to your privacy notices? Does your organisation know what changes need to be made in order to comply with the GDPR? STEP 4: INDIVIDUALS’ RIGHTS Check your procedures to ensure they cover individuals’ rights, including how you would delete personal data or provide data electronically in a commonly used format. YES NO ADDITIONAL NOTES Do your procedures cover all the rights that individuals have under the GDPR? Do your procedures allow individuals to delete their personal data? When deleting personal data, would your systems help you locate and delete data? Who will make the decisions about deletion? Do your procedures provide individuals with their data electronically and in a commonly used format? STEP 5: SUBJECT ACCESS REQUESTS Update your procedures and plan how you will handle requests within the new timescales and provide any additional information. YES NO ADDITIONAL NOTES Has your organisation updated its procedures for how you will handle subject access requests? Will your organisation be able to comply with subject access requests within one month, rather than the DPA’s 40 days? Does your organisation have a plan for how it will handle subject access requests? Is your organisation ready to refuse a request, which will involve you telling the individual why and that they have the right to complain to the supervisory authority and to a judicial remedy? Will you be able to do this without undue delay, and within one month? Is your organisation able to provide additional information upon request about subject access?
  • 4. STEP 6: LAWFUL BASIS FOR PROCESSING PERSONAL DATA Identify the lawful basis for your processing activity in the GDPR, document it and update your privacy notice to explain it. YES NO ADDITIONAL NOTES Has your organisation identified the lawful basis for your processing in the GDPR? Does your organisation have a method to document how you process personal data? Has your organisation updated your privacy notice to reflect the lawful basis for processing personal data? STEP 7: CONSENT Review how you seek, record and manage consent, and whether you need to make any changes. Refresh existing consents now if they don’t meet the GDPR standard. YES NO ADDITIONAL NOTES Has your organisation reviewed how it seeks consent? Has your organisation reviewed how it records consent? Has your organisation reviewed how it manages consent? Does your organisation need to make any changes in its process of obtaining consent? Does your organisation have simple ways for people to withdraw consent? Is your consent separate from other terms and conditions? Can your organisation’s existing consents be updated to meet the GDPR standard, meaning are they specific, granular, clear, prominent, opt-in, properly documented and easily withdrawn? STEP 8: CHILDREN Think about whether you need to put systems in place to verify individuals’ ages and to obtain parental or guardian consent for any data processing activity. YES NO ADDITIONAL NOTES Does your organisation have a system in place to verify individuals’ ages? Does your organisation have a system in place to obtain parental or guardian consent for any data processing activity?
  • 5. STEP 9: DATA BREACHES Make sure you have the right procedures in place to detect, report and investigate a personal data breach. YES NO ADDITIONAL NOTES Does your organisation have a procedure in place to detect a personal data breach? Now that the GDPR introduces a duty on all organisations to report certain types of data breaches to the ICO, and, in some cases, to individuals, does your organisation have a procedure in place to report a personal data breach? Does your organisation have a procedure in place to investigate a personal data breach? Does your organisation need to assess the type of personal data it holds and document when it would be required to notify the ICO or affected individuals if a breach occurred? STEP 10: DATA PROTECTION BY DESIGN AND DATA PROTECTION IMPACT ASSESSMENTS Familiarise yourself with the ICO’s code of practice on privacy impact assessments as well as the latest guidance from the Article 29 Working Party, and figure out how and when to implement them in your organisation. YES NO ADDITIONAL NOTES Is your organisation familiar with the ICO’s code of practice on privacy impact assessments? Does your organisation have a strategy on how and when to implement the ICO’s code of practice on privacy impact assessments? Is your organisation familiar with the latest guidance from Article 29 Working Party? Does your organisation know how and when to implement Article 29 Working Party? Does your organisation know whether it is required to undertake a data protection impact assessment (DPIA)? DPIAs are required in situations where data processing is likely to result in high risk to individuals, such as when a new technology is deployed or when a profiling operation is likely to significantly affect individuals. STEP 11: DATA PROTECTION OFFICERS Designate someone to take responsibility for data protection compliance and assess where this role will sit in your organisation’s structure and governance arrangements. Consider whether you are required to formally designate a data protection officer. YES NO ADDITIONAL NOTES Has your organisation designated someone to take responsibility for data protection compliance? Has your organisation considered whether it is required to formally designate a data protection officer (DPO)? You must designate a DPO if you are a public authority, an organisation that carries out regular and systematic monitoring of individuals on a large scale, or an organisation that carries out the large scale processing of special categories of data, such as health records or information about criminal convictions. Has your organisation assessed where the data protection officer(s) will sit within your organisation’s structure and governance arrangements?
  • 6. STEP 12: INTERNATIONAL If your firm operates in more than one EU member state, including carrying out cross-border processing, you should determine your lead data protection supervisory authority. Article 29 Working Party guidelines will help you. YES NO ADDITIONAL NOTES Does your organisation operate in more than one EU member state? If your organisation has establishments in more than one EU member state or you have a single establishment that carries out processing that substantially affects individuals in other EU states, has your organisation mapped out where it makes its most significant decisions about its processing activities? This will help to determine your ‘main establishment’ and, therefore, your lead supervisory authority. Has your organisation determined your lead data protection supervisory authority? Use Article 29 Working Party guidelines to determine this. This checklist is of general interest and is not intended to apply to specific circumstances. It does not purport to be a comprehensive analysis of all matters relevant to its subject matter. The content should not, therefore, be regarded as constituting legal advice and not be relied upon as such. In relation to any particular problem which they may have, readers are advised to seek specific advice. Further, the law may have changed since first publication and the reader is cautioned accordingly. Contains public sector information published by the ICO and licensed under the Open Government Licence v3.0. Design © 2017 Zywave, Inc. All rights reserved.