There is much discussion around GDPR at the moment and while the information available is very valuable it can all get a bit too much sometimes.
If you have started down the road of getting ready for GDPR then that is great. However, if you are yet to start (and don’t worry, many others are in the same boat) then maybe we can help you a little.
When it comes to facing a challenge that appears too great, the overwhelming tendency is to delay and even ignore. Not such a good idea – as this will only bring more stress and hassle into your life. A good suggestion would be to start with small steps towards your goal and that will make the journey easier. Here are three quick things you can start to work on today that will help with your GDPR compliance.
Know the Information you hold
The first thing you can do is to document what personal data you currently hold. You will need to note where it came from and also who you share it with. In order to do this, you may need to organise an information audit. In simple terms this means creating a list of all the personal data that you hold. This can be information on customers, staff or other stakeholders for your business. Now is the ideal time to decide what information you will continue to hold and that which you can securely destroy.
Plan for Subject access requests
The individual now has more rights to request information that you hold on them. No doubt the general public will become more aware of this and you could be asked to provide a subject access request in the near future. Now is the time to update your procedures around this. It is time to plan how you will handle requests within the new timescales to be compliant. What methods will you employ to search for and provide any additional information? Searching through endless paper files may not be the most appealing job, so maybe this is when you consider scanning your files to create digital copies. By indexing this information, you could cut back on staff time spent on subject access requests for the future.
Plan for Data breaches
Another area of concern is around data protection and breaches of information. Take time now to make sure you have the right procedures in place to detect, report and investigate a personal data breach. By ensuring your information is stored securely, possibly in the cloud, then you will limit your exposure on this one. This is where digital files, or electronic copies become a great benefit.
Whatever your opinion on GDPR, it’s a reality now for Irish businesses and we can no longer bury our heads in the sand to ignore it. With fines and reputation loss the risks are too high not to take this seriously. When you are ready to take your first steps think about scanning and indexing your information to make the journey easier for you. Speak with the friendly team in Datascan for more information and to get a competitive quote.