The new Government Data Protection Regulation (GDPR) comes into place in May 2018, replacing the current Data Protection Act.

If you or your business capture, handle, store or share any kind of personal/customer data, then GDPR applies to you and it’s your responsibility to ensure you are compliant. You will also need to ensure that you have given your employees clear guidance on the regulations and procedures that need to be in place. I have pulled together a simple checklist:

• Update your privacy notices.

All privacy notices need to be audited and amended so that they comply with the new guidelines. You could also send your customers an email to follow this up.

• Is your customer data up to date?

Any personal data and information you might store about your customers needs to be accurate and up to date. If you share any data with another organisation, you must ensure this is also up to date and accurate. If any changes to data are made, you need to record these changes, to keep an accurate record of the amendments.

• What happens if a customer wants to see the data you hold about them?

The new regulations will mean that everyone will have much better access to any of the personal data that a business stores about them. Legally, they will be allowed to view all of this data, and it needs to be clear what information this covers and how you can send it to them (e.g. by email). Individuals can also request that you delete all the data you have on them.

• Where do you store your customers' data?

GDPR will enforce much stricter rules on businesses to ensure that you are taking all measures to prevent data theft, loss, or other breach. You will need to show that you have put measures in place with regard to security software, physical security, and other aspects such as any recovery plans should data be lost or stolen.

Should you experience a breach, you must let the Information Commissioner’s Office (ICO) know immediately.