Top Five Areas of GDPR to Focus on Now
Article by Alistair Wood
Mon 21 May 2018
With five days to go before the 25th of May, we have pulled together our top five areas every publisher should be looking at to aid their compliance.
- Protect Against A Data Breach – with so many areas to focus on with your GDPR preparations, it’s important to focus your attention on the areas with the biggest risk or areas where things could really go wrong. Historically, the ICO have handed out the biggest fines to companies who have had a data breach, including a £400k fine to both TalkTalk and Carphone Warehouse. It’s important to build a defensible position by making sure you have the right systems in place, ensuring all your staff are well trained in data security, testing your security using regular penetration tests, and retaining your server logs to aid any investigations. This is a very complex area and technology is changing all the time, so it’s also important you have the right experts or specialists on hand to make sure data is well looked after, and sometimes this means using a third-party supplier.
- Create Clear Procedures for Handling Customer Requests – come the 25th of May, individuals will be able to exercise a number of rights and now’s the time to ensure your customer-facing team are given the right training and tools in order to deal with the new type of customer requests. For example, if a customer rings up with a Subject Access Request, your team needs to know how to process that request quickly and efficiently within the 30-day allocated time period.
- Check Your Existing Communication Series – when using personal data, it’s important that you are clear on the legal basis you have for processing the data. For most publishers, this will either be Consent, Contract or Legitimate Interests. Many publishers have legacy communication series, and these need to be reviewed to ensure that a legal basis is in place to process the data throughout the user lifecycle. Have a close look – are you emailing a customer after expiry? What legal basis are you using to do this?
- Work With Your Partners – it is unlikely that you are handling data without the help of a third party... or multiple ones! They could be official 'data processors' who are processing data on your behalf, data centres/web services to host your data securely or software providers who write the systems to help you process data. However many third parties you work with to handle personal data, make the most of their experience and expertise to help you through your own compliance. They will probably have done their own work to become GDPR ready, and you can often swap notes or share strategies with them. It's amazing how many tips you can pick up, or it could simply provide the reassurance you're on the right track and taking the right steps. They might also have developed their service or software to be GDPR ready, which will specifically aid you with your own compliance. So, talk to your partners, and work with them to share notes, tips and strategies to accelerate your own journey to compliance.
To find out how ESco can help you with your GDPR compliance, even after the 25th of May, do Contact Us for further details.