Top 12 steps you need to take to prepare for GDPR
It's less than a year until the EU’s new data protection legislation takes effect. Colin Swanston, Managing Director of Close Brothers Asset Finance, highlights the key steps you must take to get your business ready for the GDPR changes.
The General Data Protection Regulation (GDPR) is intended to strengthen and unify data protection for individuals within the EU, but will also affect the UK.
It will require that all personal data is managed in a safe and secure way, is gathered lawfully, is only used for the purposes for which it was collected, and is accurate and up to date.
With time running out, Close Brothers Asset Finance has set out 12 key things you can do or think about to ensure your business is ready for GDPR.
1. Internal awareness
Ensure that all decision makers and key people in your business are aware of the change in law (to GDPR). It’s important everyone knows the impact this may have.
2. Document personal data
It is important to document any personal data you hold, including where it came from and who you share it with. Consider organising an information audit.
3. Review privacy information
Review your current privacy notices and implement a plan for making any necessary changes to them in time for GDPR implementation.
4. Understanding individuals’ rights
Evaluate your procedures to confirm they cover all the rights individuals have, including how you would delete personal data or provide data electronically and in a commonly used format.
5. Check your access request timescales
Update your procedures and implement a plan for how you will handle requests within the new timescales and provide any additional information.
6. Legal basis for processing personal data
Analyse the various types of data processing you conduct as a business, then identify and document your legal basis for carrying each of them out.
7. Consent audit
Conduct an audit into how you are seeking, obtaining and recording consent. It is important that you understand the current process before making any changes to it.
8. Children – parental or guardian consent
Consider implementing a system to verify individuals’ ages and to gather parental or guardian consent for the data processing activity.
9. Data breaches
Make certain you have the necessary measures in place to detect, report and investigate a personal data breach.
10. Data protection impact assessment
Conduct an impact assessment within your business, which will help ensure you can deliver the required changes in time for GDPR.
11. Data protection officers
Designate a Data Protection Officer to be accountable for data protection compliance. Consider the position of this role within your business structure and governance measures.
12. International authorities
If your business operates internationally it is important to identify which data protection supervisory authority you come under.
If you would like to find out more or to contact a member of our team visit our dedicated ICAS website or call 01355 572 370.
Meet the industry specialists
Colin Swanston is the Managing Director of the Transport Division of Close Brothers Asset Finance based in Scotland. For over 30 years Colin has specialised in providing alternative asset funding to the Scottish SME Marketplace.
Close Brothers is a leading UK merchant banking group providing lending, deposit taking, wealth management services and securities trading. Established in 1878, Close Brothers Group plc employ 2,900 people, principally in the UK, are listed on the London Stock Exchange and are a member of the FTSE 250. Our activities are straightforward. We remain focused on markets and services we know and understand. Our businesses have remained local. Our knowledge and experience allows us to provide an informed and valuable service whilst operating via a national network, allowing us to lend where others do not.
This blog is one of a series of articles from our commercial partners.
The views expressed are those of the author and not necessarily those of ICAS.