Berry Smith has compiled a useful checklist for organisations to help them determine if they are compliant with GDPR.
- Are you a Data Controller, Data Processor, both or don’t know?
- Have you carried out a data audit and documented the Personal Data you hold, and are you aware of:
  - The reasons for processing it?
  - Where it came from?
  - Who you share it with?
  - How it is stored?
- Have you updated or deleted any inaccurate or incomplete Personal Data?
- Do you know the lawful purpose for processing Personal Data?
- Have you drafted a privacy information notice to comply with Articles 13 and 14 of GDPR? Where is this located?
- Are you relying on consent to process personal data? If so, are these consents GDPR compliant?
- If you have contracts in place with Data Processors, have these been updated?
- Have you introduced policies and procedures to address:
  - Data breaches and notifications?
  - Security?
  - Subject access requests?
  - Internal privacy procedures?
  - Retention periods?
- Have you assessed your business’s direct marketing activities so that they are in line with GDPR and PECR?
- Have staff been trained – is there a general awareness about GDPR and its requirements?
- Are your security provisions adequate and appropriate to protect against a data breach?
- Have you appointed a Data Protection Officer?
- Do you transfer Personal Data outside of the EEA?
- Have you taken expert legal advice?
Berry Smith can assist with your GDPR compliance. For further information on this and all queries about GDPR, please contact either Dan Dowen at ddowen@berrysmith.com or Philip Griffiths at pgriffiths@berrysmith.com. Alternatively, please call 029 20 345511 and ask for the commercial team.
Dan Dowen – Solicitor
Phil Griffiths – Senior Consultant