How to Prepare for the New GDPR

By: In: Data Privacy & Protection On: Nov 11, 2016
How to Prepare for the New GDPR

It’s now less than two years until the EU’s General Data Protection Regulation (GDPR) comes into effect. In our last post we looked at the impact this will have upon organisations. Here, we outline the practical steps you can take to prepare for this new climate of increased regulation.

First of all, you need to arm yourself with the facts and bring these to the attention of key decision makers. If they understand the consequences of non-compliance, which can include fines of up to €20 million or 4 per cent of your annual turnover, whichever is the greater, you’ll be more likely to gain their support sooner rather than later.

At some point you will need to document the personal data you hold – where it came from and with whom it’s shared. Look within and outside your entire organisation and in specific areas. Consider the value of an information audit. At the same time review your privacy notices and policies and build a plan for accommodating change.

Your procedures should address all the rights given to individuals under the new laws. These include having inaccuracies corrected, erasing information and preventing direct marketing without consent. Make sure you know who is making decisions about deletion and if your systems support this. Don’t forget to explore data portability and the formats you use to supply information.

Update your procedures so you can handle requests within shorter timescales. If you deal with a lot of requests, you may want to invest in online access. You should also know why you’re collecting and using personal data and make sure you have a legal basis before you process it.

For many, it makes sense to turn to a trusted partner such as Iron Mountain. Our Professional Services experts are on hand to help explain what the changing regulations mean. They can empower you to keep control and mitigate risk at every stage of the information lifecycle, enabling you to meet and exceed your GDPR obligations.

If you’d like more information on getting ready for GDPR, download our practical guide and expert tips on How to Prepare for the General Data Protection Regulation (GDPR).

A Virus Backup Plan: Responding When the Worst Happens →

Leave A Comment

About the author

Phil Greenwood

Phil Greenwood is Country Managing Director & Commercial Director at Iron Mountain responsible for delivering information and records management solutions into the UK's largest Public, Private and NHS customers. Phil directs and runs specialist sector teams aligned to the sector specific requirements of Iron Mountain's clients. These requirements demand innovative solutions that deliver compliance and governance as well as efficiency and cost cutting in order to transform business results and improve the way organisations use their information. Phil has over 10 years' experience working with UK and International records management. He is involved with the UK Information and Records Management Society. Phil has worked within service delivery and customer facing roles, as well as in general management roles within the outsourcing and information management industries. Legally qualified, Phil has also spent time as a fee earner within law firms and has a strong understanding of the way that information and services drive the core business of client organisations.