GDPR Logo - top tips

  1. Do you have ‘consent’ in place for every individual’s personal information you hold on your files and systems?
  2. Is there a ‘privacy policy statement’ on your consent forms, terms and conditions and contract agreements?
  3. Make it plainly evident what kind of personal information you collect.
  4. Explain what you will do with their personal data and how it is stored.
  5. Spell out what security measures you have in place for holding their personal information.
  6. Tell them specifically who you will share their personal information with.
  7. Be transparent and give them the option to unsubscribe on all your manual and electronic correspondence, e.g. website, emails, newsletters.
  8. Make ‘subject access requests’ easy to process.
  9. Double check that all your electronic platforms, cloud based solutions comply with the GDPR.
  10. Make sure your privacy impact assessments are kept up to date.

Final question: do you understand what a breach might look like and how to deal with it?