GDPR – ten key actions to take today

Our new course on the GDPR includes key actions and advice to help ensure you are compliant. Here are ten key recommendations taken from the course.

One: Identify all categories of data

Your organisation needs to identify all categories of data that are being held, the purpose for which the data is held and how it is being processed. By doing this the organisation will become familiar with the personal data ecosystem within the organisation.

Two: Record a clear description of data

The following questions should be asked of those people that are responsible for collating personal data.

1. What process is it needed for? (eg Admissions, recruitment)
2. How is security maintained?
3. Who has access to the information?
4. Who manages the data?
5. Who are the data subjects?
6. What is the source of the data?
7. What software is used? (If any)
8. Where does the data go inside the organisation?
9. How is the data stored?
10. Does the data leave the organisation?
11. Does data flow outside of borders? (That is national borders to areas not covered by GDPR).

Three: Run a data audit

The ICO has several self-assessment checklists that you can use. On completion, a report will be created that gives clear indications of where your strengths and areas for improvement are.

Four: Appoint a Data Protection Officer (DPO)

The GDPR means that some organisations will need to appoint a Data Protection Officer. You will need to appoint a DPO if:

• you are a public authority (except for courts acting in their judicial capacity);
• your core activities require large scale, regular and systematic monitoring of individuals (for example, online behaviour tracking); or
• your core activities consist of large scale processing of special categories of data or data relating to criminal convictions and offences.

Five: Pay your data controller fee (if relevant)

Under the GDPR a data controller may be required to pay a fee to the ICO. The amount paid is based upon the relative risk of data processing, and the size and turnover of the organisation. There are some exceptions, including public authorities, charities and small occupational pension schemes. You can check what fees need to be paid by referring to the ICO website 

Six: Complete a Data Protection Impact Assessment (DPIA)

A DPIA is a process that helps identify and minimise the data protection risks of a project. A DPIA must be undertaken before you introduce any process which is likely to result in a high risk to individuals’ interests. 

It is good practice to carry out a DPIA if any data system is being introduced that involves using personal data in a way it has not been used before, or new data is being collected for a new purpose. When carrying out a DPIA it is important you consult your DPO (if you have one) or seek expert advice. 

Seven: Check your suppliers’ accreditation

 It is a criminal offence for any organisation to use any company for disposing of data, or for recycling IT equipment they no longer need, unless that organisation has the correct accreditation. 

Eight: Respect the new rights for ‘data subjects’

Anyone, anywhere, who has data held on them by an organisation is a data subject under the GDPR 2018, and everyone has more rights regarding how their data is held, used and disposed of.

Their rights are: 

• The right to be informed 
• The right of access
• The right of rectification 
• The right to erasure 
• The right to restrict processing 
• The right to data portability 
• The right to object
• Rights in relation to automated decision-making or profiling

Nine: Develop clear policies and protocols

Your organisation should have clear policies and protocols in place that you should follow and regularly review to ensure you are GDPR compliant. You should also know who the data protection officer is in your establishment (if you have one); they will be able to support you with any queries you may have with the GDPR and what to do in the event of a breach or subject access request.

Policies and procedures will vary within different organisations.

Ten: Stay calm

Remember, if your organisation is already complying with the Data Protection Act, then you are well on your way to being ready for the GDPR. Being methodical and keeping calm will help ensure you are in control of your data and working in line with the new regulation.

---

The above information has been taken from our latest GDPR course 'A Practical Guide to the GDPR'. The course outlines key elements of the General Data Protection Regulation in an organisational setting and will help you to understand:

1. what personal data is and how it is used
2. why there is a need for change in data protection
3. the new GDPR
4. new legal requirements
5. data maps
6. Impact Assessments
7. disposing of data and recycling
8. new rights for ‘data subjects’
9. promoting good practice

The course concludes with ten thought-provoking practical scenarios that cover issues such as Confidential Waste, Data Storage, CCTV, encrypted emails and managing visitors, and provides possible solutions to those issues.

The course costs £20.00 and you can buy online today.

Buy

Get in touch to find out more

Country: --None-- United Kingdom Abkhazia Afghanistan Åland Islands Albania Algeria American Samoa Andorra Angola Anguilla Antigua and Barbuda Argentina Armenia Aruba Australia Austria Azerbaijan Bahamas Bahrain Bangladesh Barbados Belarus Belgium Belize Benin Bermuda Bhutan Bolivia, Plurinational State of Bosnia and Herzegovina Botswana Bouvet Island Brazil British Indian Ocean Territory British Virgin Islands Brunei Darussalam Bulgaria Burkina Faso Burundi Cabo Verde Cambodia Cameroon Canada Cayman Islands Central African Republic Chad Chile China Christmas Island Cocos (Keeling) Islands Colombia Comoros Congo Congo, Democratic Republic of the Cook Islands Costa Rica Côte d'Ivoire Croatia Cuba Curaçao Cyprus Czech Republic Denmark Djibouti Dominica Dominican Republic Ecuador Egypt El Salvador Equatorial Guinea Eritrea Estonia Ethiopia Falkland Islands Faroe Islands Fiji Finland France French Guiana French Polynesia French Southern and Antarctic Lands Gabon Gambia Georgia Germany Ghana Gibraltar Greece Greenland Grenada Guadeloupe Guam Guatemala Guernsey Guinea Guinea-Bissau Guyana Haiti Heard Island and McDonald Islands Holy See Honduras Hong Kong Hungary Iceland India Indonesia Iran, Islamic Republic of Iraq Ireland Isle of Man Israel Italy Jamaica Japan Jersey Jordan Kazakhstan Kenya Kiribati Korea, Democratic People's Republic of Korea, Republic of Kosovo Kuwait Kyrgyzstan Lao People's Democratic Republic Latvia Lebanon Lesotho Liberia Libya Liechtenstein Lithuania Luxembourg Macao Macedonia, the former Yugoslav Republic of Madagascar Malawi Malaysia Maldives Mali Malta Marshall Islands Martinique Mauritania Mauritius Mayotte Mexico Micronesia, Federated States of Moldova, Republic of Monaco Mongolia Montenegro Montserrat Morocco Mozambique Myanmar Nagorno-Karabakh Namibia Nauru Nepal Netherlands New Caledonia New Zealand Nicaragua Niger Nigeria Niue Norfolk Island Northern Cyprus Northern Mariana Islands Norway Oman Pakistan Palau Palestine, State of Panama Papua New Guinea Paraguay Peru Philippines Pitcairn Poland Portugal Puerto Rico Qatar Réunion Romania Russian Federation Rwanda Sahrawi Arab Democratic Republic Saint Barthélemy Saint Helena, Ascension and Tristan da Cunha Saint Kitts and Nevis Saint Lucia Saint Martin Saint Pierre and Miquelon Saint Vincent and the Grenadines Samoa San Marino São Tomé and Príncipe Saudi Arabia Senegal Serbia Seychelles Sierra Leone Singapore Sint Maarten Slovakia Slovenia Solomon Islands Somalia Somaliland South Africa South Georgia and the South Sandwich Islands South Ossetia South Sudan Spain Sri Lanka Sudan Suriname Swaziland Sweden Switzerland Syrian Arab Republic Taiwan Tajikistan Tanzania, United Republic of Thailand Timor-Leste Togo Tokelau Tonga Transnistria Trinidad and Tobago Tunisia Turkey Turkmenistan Turks and Caicos Islands Tuvalu U.S. Virgin Islands Uganda Ukraine United Arab Emirates United States of America Uruguay Uzbekistan Vanuatu Venezuela, Bolivarian Republic of Wallis and Futuna Yemen Zambia Zimbabwe Vietnam
Post/Zip Code:
Job Role: --None-- Academic Registrar Account/Agency/Advertising Account Co-Coordinator Account Controller Account Co-ordinator Account Executive Administration / Office Admin Manager Artwork Provider Assessm. Coordinator Assistant Head Assistant Headteacher /Principal Assistant Principal Bursar Business Director Business Manager Catering Mgr/Superv. CEO / Managing Director Chairman Chair of Governors Chancellor Chief Executive Officer (CEO) Chief Sci. Lab. Tech Child protection Clerk to the Governor Dean Deputy Director Deputy Director of Education Deputy Head Deputy Head of Department Deputy Headteacher/Principal Deputy-Vice Head / Principal / Director Dep Vice Chancellor Development Director Director Director Development Director HR Director of Childrens Services Director of Education Director of Finance Education Director Education Manager Executive Head Executive Headteacher/Principal Finance Finance / Procurement Fund Raising Officer Gold / Silver Contact Head / Director of Dept-Faculty Head / Director of Subject Head / Principal / Chancellor Head of Art Head of assessment Head of Biology Head of Boys PE Head of Bus. Studies Head of Business Head of Careers Head of Chemistry Head of Citizenship Head of Classics Head of Department Head of Drama Head of Economics Head of English Head of Faculty Head of Geography Head of Girls PE Head of History Head of HR Head of Humanities Head of IT Head of Journalism Head of Law Head of Maths Head of Media Studs Head of Media Study Head of Mod.Language Head of Music Head of Nursery Head of Nursery/PreS Head of PE Head of Personnel Head of Philosophy Head of Physics Head of Politics Head of PSE Head of Psychology Head of PTA Head of Recept.Class Head of Rel. Studies Head of School Head of Science Head of Sixth Form Head of Sociology Head of Special Need Head of SPS Head of Subject Head of Technology Head of Vocat. Edu. Head of Year Head of Year 1 Head of Year 10 Head of Year 11 Head of Year 2 Head of Year 3 Head of Year 4 Head of Year 5 Head of Year 6 Head of Year 7 Head of Year 8 Head of Year 9 Headteacher Headteacher/ Principal Health/Safety Offic. HR / Recruitment / Retention HR Director HR Manager HR Officer ICT Coordinator INSET Co-ordinator International Office Keystage 1 Co-ordin. Keystage 2 Co-ordin. Keystage 3 Co-ordin. Keystage 4 Co-ordin. Lecturer Librarian Managing Director Market.& Dev. Dir. Marketing Marketing / Communications Marketing Manager Media Assistant Media Buyer Media Planner NQT Co-ordinator Office Manager Operations Operations Manager PA / Assistant to Head / Principal / Director Parent Pastoral / Welfare PA to Headteacher PA to Headteacher /Principal Personnel Director Personnel Manager Personnel Officer Planning/Strategy President Press Comm. Manager Principal Pro Vice Chancellor Provost Public Relations (PR) Recrtmnt Secretary Recruitment Manager Recruitment Officer Rector Resource Manager Safeguarding School Governor School Manager School Nurse School Secretary School Trip Organis. SENDco Senior Advisor Site Manager Strategic Business / Planning Student Student Services Supply Booker Support Role Teacher Timetabler Trainee Teacher Unknown Vice / ProVice / Deputy Chancellor Vice Chancellor Vice President Vice Principal Other
Requirement: --None-- I am a customer and I have a problem I am looking to buy a product for myself I am looking to buy a product for my organisation
Organisation Type: --None-- British Universities Charity Children & Young People Services College Company Educational Body English Colleges English Primary Schools English Secondary Schools English SEN Schools & Colleges International Schools & Colleges International Universities LA Head Office Library Mainstream School Northern Irish Schools & Colleges Other LA Other Organisations Private Individual Pupil Referral Unit(PRU) Scottish Schools & Colleges Secure Unit Special Needs Supply Agency University Welsh Schools & Colleges N/A
 

Return to news

Related articles: