With just over 13 months to go until the General Data Protection Regulation (GDPR) becomes effective, if your organisation has not started the process of getting GDPR ready then it is high time that you begin. Remember that the GDPR affects every organisation, however big or small, that processes personal data – which is any data which, alone or together with other data held by the organisation, can identify a living individual. As most organisations will process personal data about their employees, there are therefore very few organisations to which the GDPR will not apply.
The first thing that you need to do is carry out a data inventory in order to understand what personal data the organisation holds. Who has given the organisation personal data? What personal data have they given the organisation? What happens to the personal data after it has been collected? The more personal data the organisation holds, the greater this task will be. If you are concerned that your IT systems may hold personal data that may be missed during the data inventory, there are tools that can scan for personal data hiding on your systems. If you require assistance in this regard, contact firstname.lastname@example.org.
Next month’s blog will look at how to carry out an analysis of where your organisation is in relation to GDPR compliance and where you need to be by May 25th 2018.