How exactly should a business prepare for GDPR?

There are few hot topics around that are hotter than GDPR, but what should businesses be doing about it?

We have established a process for guiding companies through the pitfalls, which comes from our experience of working with a number of companies on their GDPR preparation over the past year. Here are the key elements of our approach and how we tackle them:

  • We start with a thorough investigation to determine where you currently have personal data stored and used within the organisation.
  • We would work with you to assess whether that data is actually required at all. If it is needed then we will establish, what it is required for, who requires it and for how long they need access to it.
  • We would work with you to define processes around obtaining permissions from the subjects and solutions for storage, access (including a suitable request process where relevant), retention and archiving.
  • Help to investigate where personal data is transferred between your organisation and others, including auditing your suppliers, customers and other organisations you interact with.
  • Help draft and implement policies and procedures to support the best practice management of personal data. With sufficient evidence to be able to demonstrate the rationale behind the policies.
  • Help establish an ongoing of programme of audit and continuous improvement, including procedures for managing any breaches of data security. Along with staff communication and training to ensure all staff are aware.

Our background in business analysis and process design means that we are very comfortable at this process. And as a software development company, where tools and systems are required to support any of the new procedures, we're expertly placed to help with this too.

By Daren Callow, Director, Verasseti