With less than 100 days to go, 25th May 2018 is coming round fast! We recognise that the General Data Protection Regulation (GDPR) can be daunting and we understand the challenges small business face with limited resources and conflicting demands on your time. The difficult thing is to know where to start to improve data protection and meet the requirements of GDPR. To help you overcome the fear factor, we outline three steps to get you started on your GDPR journey.
1. Pay your ICO fees
Any organisation in the UK processing personal data needs to pay fees to the UK regulator, the Information Commissioners Office (ICO) before 25th May 2018. This replaces the previous system of registering with the ICO. Find out more about ICO fees and requirements or visit the ICO website to pay.
2. Identify who takes the lead for GDPR
While everyone has a part to play in helping to keep data protected, one person must take accountability for making sure your organisation complies with the General Data Protection Regulation. It’s also a good idea to appoint someone who will take day-to-day responsibility for data protection and privacy management.
3. Identify the personal data you use
The next step is to work out what personal information your organisation uses – this includes data on employees and colleagues, customers or clients, suppliers and other contacts. You need to look at what information assets you have (i.e. the different types of data you hold), how you store them, who in your organisation owns each type of information and who has access to it.
These three steps create the foundation for protecting personal data in your organisation and get you on the right track.
Would you like more help? Create an account with Astrid today and gain FREE access to further guidance and tools to help you identify who takes the lead for GDPR and what personal data you use.
Protect your business - become and remain GDPR compliant with Astrid