The GDPR deadline is 25 May 2018 and we expect most of you will be finalising your arrangements for compliance just now. The key point to address is to ensure that you have demonstrated “comprehensive but proportionate” governance measures.
- You should have trained all partners and employees on the GDPR (see https://www.the2020group.com/product-category/webinars/gdpr/ for two free member training webinars);
- Have a GDPR file to hand with the Action Pack and a record of the actions you have taken for compliance (a paper or electronic file);
- Sent a memo to all on GDPR (in the Action Pack);
- Reviewed all data held and asked “why is it held?”, “do you still need it?” and “is it safe?”, e.g. data on employees, clients, suppliers, third parties;
- Looked at your risk management processes to keep data safe; and
- Removed all “old” data you do not have a reason to hold.
It is also important to let clients and employees know about your procedures and their rights in relation to any personal data held. The April update for the GDPR Action Pack comprises:
- Example paragraph for engagement letters.
- Example privacy statement – Personal data.
- Example paragraph for employee handbook and/or contract of employment.
These are example paragraphs and should be reviewed and tailored as you deem appropriate. Pay attention to anything in italics, as you will need to confirm that the paragraph makes sense for your business. For example, if you use an outsourcing company or a cloud accounting software supplier, data may be kept outside the EU and you need to inform employees and/or clients of this fact. The privacy statement can be part of your terms of business and kept on your website and/or as an appendix to your engagement letter(s), as you deem appropriate.
Also included is an example email to prospects to stay in touch. You will have received several of these already from organisations you subscribe to, asking you to update your details and preferences. We’ve kept this particular email for prospects, but you could send it to existing clients if you so wish.
Editor, GDPR Action Pack
16 April 2018