Craft Focus - Dec 2017/Jan 2018 (Issue 64)

82 craft focus With the General Data Protection Regulation (GDPR) coming into effect in May 2018, businesses will need to introduce new policies and procures in order to achieve compliance, according to Paula Tighe, Information Governance Director at leading law firm Wright Hassall “It’s important that businesses take the time to fully understand the effects of GDPR, and give themselves time to implement the necessary changes. Devising a thorough plan months before its arrival is best practice, and it’s not a box-ticking exercise that can be left until the last minute,” comments Paula Tighe. Though the UK has left the EU, this has no impact on the change, and it doesn’t matter where your data comes from, if it’s used or processed in the EU, you must nevertheless comply with GDPR. RAISE AWARENESS AND REGISTER IT It’s crucial that your company appreciates the seriousness of non-compliance, and the potential damages you could face by not adhering to the rules. Begin by recording the transition process, as this can help prove your willingness to comply, and should protect you in the event of any claims. This record, known as the Data Register, will show what data you currently hold and your reason for processing it. It will also contain details on where the data originated from, and who supplied the data – this will help you meet accountability principles of GDPR. Compliance is not about stopping you from doing things – it’s designed to improve standards by questioning existing processes, and promoting changes where necessary. Start by reviewing your existing digital and hard copy format privacy notices and policies. Are they concise, written in clear language, easy to understand and easily found? Next, evaluate how you communicate GDPR: stop worrying, craft a plan and get moving