What does this cover?

In his ICO blog this month, the Deputy Information Commissioner, David Smith, has published 5 key areas that businesses should look at now in preparation for the GDPR.

These are:

  1. An assessment of where your organization relies on consent for the processing of personal data. This is in recognition of the increased threshold for obtaining consent under the GDPR and a move towards businesses relying on alternative processing conditions.
  2. Accountability – the GDPR will contain many record keeping requirements concerning data protection compliance. The blog advises getting into the habit of doing this now.
  3. Staffing – leaving aside whether there is going to be a specific obligation to have a data protection officer, do you have enough data protection expertise within your organization to carry out the extra compliance tasks?
  4. Privacy by Design and Privacy Impact Assessments – are these already a business as usual requirement within your organization?
  5. Breach management – recognizing compulsory breach notification is almost inevitable, do you have a breach management process in place which is tried and tested? 

The blog is available to read here.

What action could be taken to manage risks that may arise from this development?

Companies should consider feeding this into their preparation project for the GDPR.