GDPR (General Data Protection Regulation) is important to your business for a number of reasons, not least that you should have control of your data and use it only for the reasons it was gathered. You also now have to ensure that any data you do keep is kept and used for the correct reasons.
GDPR will affect you in a number of ways:
- Employing staff: permanent, temporary or contractors
- Operating as a Business to Business (B2B) or Business to Consumer (B2C)
- Privacy notice/standard relating to staff/customers
- GDPR policy
- Where you outsource data - a contract with third parties
- Where you process special data - documentation/record of your activities to demonstrate you are complying
Under the Regulations the definitions have been widened to include all kinds of personal data. Personal data is defined as “any information relating to a data subject”. This includes any expression of an opinion. A data subject is the identified or identifiable natural person to whom personal data relates. For example, a data subject may be an employee or contractor, but could also be a customer.
Questions To Ask Yourself
Some of the questions contained in our downloadable checklist include:
- Where did the data come from?
- What are we using it for/the purpose?
- Who will have access to or use of the data (internal/external)?
- Where is this being stored/held?
- What is the lawful basis for processing?
- How long are we keeping it for?
Our checklist covers these and many other questions you'll need to ask yourself.