Following on from any assessment of readiness steps (‘the plan’) will need to be taken as part of your journey towards GDPR compliance.
Depending on the outcome of the assessment you may need to look at the following:
- how you comply with the principles;
- how you lawfully process information;
- how you secure people’s consent;
- how you handle special [about health, race, ethnicity etc.] information;
- what information you give to people when you collect/ receive their data;
- what procedures you have in place if someone wishes to exercise their rights;
- whether you need to make a formal record of your processing activities;
- your information security i.e. the internal and external threats that exist to your information.
- your relationships with data processors i.e. those people who process information on your behalf;
- whether you need to undertake any privacy impact assessments;
- how your organisation might respond in the event of a personal data breach, and,
- whether you need to appoint a Data Protection Officer.
We can advise you in relation to all the above and more and offer support on an ad hoc basis through to full project management.
For further information please contact us.