What to do about GDPR
Use this checklist to help your organisation to prepare for GDPR. The checklist includes: appointing someone senior to oversee the process, reviewing existing information and cyber security, mapping your data, reviewing contracts with clients, suppliers (anyone who processes your data) and employees, drafting data protection policies and procedures, and training staff.
- Appoint someone senior to oversee the process
Getting ready for GDPR compliance is not just a matter for the IT department, so it is essential that
a senior member of staff (director, partner, senior manager) takes responsibility for overseeing the
process, allocating funds and resources as necessary.
- Review existing information and cyber security and update as necessary
Having comprehensive levels of information and cyber security is a key step towards building a resilient
- "Map" your data
Before you can assess what you need to do you need to know (‘map’) what data you have as this will
inform what you do next.
- Review contracts with clients, suppliers (anyone who processes your data) and employees to ensure GDPR compliant
As the GDPR (Articles 28-36) imposes new obligations on data controllers and data processors, you will
need to make sure you understand your status and your responsibilities with regard to both client data
and firm data.
- Draft (written) data protection policies and procedures
The GDPR introduces the principle of ‘accountability’. This means that all organisations must not only ensure they are compliant with the GDPR but prove this too.
- Train staff
Not all staff will need to understand the GDPR in its entirety but all staff should at least be aware that
data protection is an issue for everyone.
- For more guidance, helpsheets articles and webinars as well as engagement letter templates visit our GDPR resources section.