Sally Mewies: So welcome to the final video in our series of GDPR Compliancy Check Lists. We have looked at all the different things that you should be doing through 2017 in order to get your business ready for the launch date on 25 May 2018. We're now in 2018 and it's our final video so what we thought we would do in this one is just a recap of the things that you should have done and just the final check list before we go live in May.
So Rocio, we have talked about all the different aspects of GDPR, the challenges, the new parts, the DPO appointments. We've talked quite a bit as well about notices, privacy notices, and all the documentation. What should you be doing now in terms of final run in to May?
Rocio De La Cruz: Well one important thing is that, that perhaps you might have been doing from time to time during all this time but definitely if you haven't, it's something to do now is look for legal updates whether or not the member states implemented some derogations to, for example, some conditions for processing sensitive personal data, or special category of personal data, looking for further guidance issued by the Article 29 Working Party. So during 2017 we have been told that the Article 29 Working Party is going to issue further guidance with regards to the lead supervisory authority, consent, fair process for processing, risk assessments, privacy impact assessments and other issues that will need to be considered like for example code of conduct, certifications, transfer of data for the transfer of data out of the EEA. And another thing, once you have got all the documents and now you test all these documents and you understand and they are suitable and they work then it's time to think about training all the staff for them to use those policies and for them to be aware of all the requirements, the new requirements under the GDPR. So it's time for drafting or updating or the e-learning models that you use or other training samples that you can use and rolling out, so it's time to go live, it's time to roll out.
Sally: And you mentioned derogations Rocio, I think it's just worth pausing on that point isn't it, because there is ability even though in the GDPR it's intended to be uniform across all of the European countries and the reason for that of course is that there have been challenges with everybody implementing the original Data Protection directives slightly differently, so the idea about this is uniform and consistent. But of course there is acknowledgement in the legislation that there may be some exceptions or derogations by individual member states. Can you just tell us where we might expect to see those derogations so that people can be on the lookout for them in case they do impact what they're doing in their business?
Rocio: Yes, there might be some derogations on the transfer of data, there might be some derogations on the information that you need to disclose to individuals if they request for information depending on, for example, matters of national security or if it is important for legal claims or for employment issues. There might be some additional conditions in order to possess special categories of personal data so, many bits.
Sally: Yeah, so it's definitely worth keeping an eye on that because that may mean that you have to update policies, look again at how you're doing things in certain areas.
Rocio: Yeah, that's correct.
Sally: And as you say, get training, get the policies rolled out and you're ready to go.
Sally: So that completes our GDPR Compliance Check List, we hope you've found it useful and good luck.