GDPR final top ten tips
There’s less than 24 hours to go and hopefully you’ve completed your compliance process or are at the very least, making good progress way through your action plan.
To check that you haven’t missed anything, take a look at our final top ten tips;
1. Consider processing personal data in a way so that you can’t tell from looking at it which person it relates to. You would need additional information (a key or code) kept separately (and securely) to decode it. (Known as ‘pseudonymisation’.)
2. Think about whether some data can be anonymised. Do you really need to be able to identify the employee to use the data? For example, if you are processing information for research or statistics then you could probably anonymise it. We see this a lot in the public sector when data is collated for the purposes of equal opportunities.
3. Use passwords and encourage employees to use more complex passwords, not to share them, and to change them regularly.
4. Encrypt data where possible, particularly if you are transferring data or allowing remote working.
5. Think about the devices that employees use and their security access. Will you still allow employees to use their own smartphones etc., or will you provide company phones and laptops now instead?
6. Only process personal data necessary for specific purposes.
7. Review your exit process. How do you know that confidential information and personal data stored on employee’s own device has been removed?
8. Think about your recruitment processes, how long are job applications kept for? Do your applicants know what the purpose of retaining their data is?
9. Put in place measures to ensure you are compliant with the principles.
10. Keep records to prove you are compliant.