In the first two blogs, we set out key steps for starting GDPR compliance projects, along with some IT Governance solutions should you need any extra help. This third and final blog covers steps 7–9.
7) Create or improve key policies and processes
According to Article 30 of the GDPR, companies will be required to record personal data processing activities including, but not limited to, the categories of data being processed, the categories of recipients of the data and time limits for keeping the data.
Each business will also need a privacy notice and a data protection policy, and will need to update or review contracts with employees and suppliers to ensure they are compliant. Data subject access requests, incident reporting and data breach reporting will all need written processes as well.
The EU GDPR Documentation Toolkit is a complete set of GDPR-compliant templates that are easy to use and customizable. It includes all the processes outlined above as well as other helpful documents, such as a data protection officer job description.
8) Communications strategy
As your business becomes GDPR compliant, staff need to understand and follow the new processes and procedures. Training new staff and enabling continued staff awareness through regular refreshers is essential.
The GDPR Staff Awareness E-learning Course is a simple-to-use, interactive, modular eLearning program that introduces the GDPR and key compliance obligations.
9) Monitor, audit and improve