Like everything in business, it is never too late to get something done, but it could be if you leave GDPR compliance much longer.
There are several free resources out there on the internet that may help with your GDPR compliance. We have listed a few below and what they do.
We are repeatedly being asked for help on this. Whilst it is not an accountancy matter per se, we understand that we have some part to play in helping you understand your responsibilities under GDPR, and we have to comply ourselves as both Controllers and Processors.
There are basic requirements that every business should be considering, and it isn’t as complicated as you may think. The Five W’s will help you out here:
Who do you hold data about?
Why do you hold it?
What do you do with it?
Where do you store it?
When will you delete it?
You can even add a sixth, non-W question: How did you get it?
Answer these simple questions and you are halfway to achieving GDPR compliance, as the answers will set you on the right track.
Here are some handy reference points that may help you along the journey, the most important part being the Information Audit. We have added a Word Document which you can download for free from here which should get you started on this process. There is a PDF of the file which is hosted on the GDPR Checklist site below which you can print and fill in by hand or write on if you have a stylus and tablet.
Once you understand what you need to put in your privacy notice, it’s time to write it. Here is a handy document that will help you write your Privacy Notice, courtesy of Thrive, who you can find here.
Other helpful tools to help you through the GDPR minefield.
GDPR Checklist – The first port of call: a very simple and easy-to-understand checklist which explains your responsibilities. If you can put a tick in every box then you are GDPR compliant. Congratulations!
Searchable GDPR by Algolia – Does exactly what it says on the tin: it makes the EU GDPR Regulations fully searchable. If you want to search for the minute details, you can.
The great thing about this tool is it removes one of the common misconceptions about consent:
1. Processing shall be lawful only if and to the extent that at least one of the following applies:
(a) the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
(b) processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
(c) processing is necessary for compliance with a legal obligation to which the controller is subject;
(d) processing is necessary in order to protect the vital interests of the data subject or of another natural person;
(e) processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
(f) processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
So we can see here that we don’t have to constantly ask for consent. This applies especially to most of our clients, who will be obtaining the personal data in order to complete a contract of sale or purchase. However, if you are one of those businesses that would like to market to its customers, then you are going to need explicit consent, and in most cases this means you will need to use your email marketing tool to get the confirmation you require.
GDPR Statements from 3rd Parties – Here you can find GDPR statements from the companies that you may use to store data. A very useful resource when considering what to put in your privacy notice.
GDPR Email Copy – Here you can find some great email templates for use in any given situation covered by GDPR.
Ultimate GDPR Quiz – Finally, when you think you’ve done everything you need to do, take the GDPR Quiz and see how well they think you have done. If you get 10/10, well done: you are ready for GDPR and have nothing to worry about!