General Data Protection Regulations (GDPR) affects every organisation which handles personal data. Since May 2018, the data protection landscape has changed imposing burdens and responsibilities which cannot be ignored.

GDPR in brief

GDPR is regulatory law which requires an organisation to build a framework of compliance through policies and procedures, ensure implementation through training, and establish a system of evaluation. GDPR has created the role of a data controller (the person or body who makes the decisions on how data is used) and ensured that the data controller is responsible for any breach or loss whether by accident or otherwise. This responsibility cannot be delegated. Individuals have been given new rights in respect of their data. A loss of data will, under the legislation gives rise to compensation, even if no loss is suffered as a result. It is clear that the message is that personal data is to be respected and kept safe.

The role of the data protection officer

The appointment of a data protection officer is mandatory for those who are a ‘public authority’ such as GPS, dentists, local authorities or for those who process a large amount of sensitive data such as health details. This appointment can be part time and does not have to be in-house. Some organisations, whilst not being required to appoint a data protection officer, may still wish to do so to demonstrate good practice for their business.

How to ensure compliance with GDPR

  1. Carry out an information audit of your existing data. Understand what data you take, why you take it, what you do with it, who you share it with and how long you keep it.
  2. Ensure your Privacy Policy is compliant, that it is on your website, and hard copies are available on request.
  3. Register with the Information Commissioners Office.
  4. Check employment contracts to ensure they are data protection compliant. Employees are data subjects, so ensure you have a fair processing notice.
  5. Check and if necessary update data protection policies and procedures.
  6. Appoint a Data Protection Officer or if not required to do so, a data lead.
  7. Organise staff training to ensure understanding and implementation of policies and procedures.
  8. Evaluate the effectiveness of policies and procedures by carrying out an annual audit.

Affinity Resolutions

We work with organisations and businesses in a variety of sectors including medical, retirement and third sector. We understand the importance of using data. With our unique legal, practical and marketing approach we will ensure that we  create for you a framework which is GDPR compliant. We can also act as an external DPO on a part-time, temporary or permanent basis.

How can Affinity Resolutions Help?

We understand the needs of an organisation to use an outside business. With our unique legal, practical and marketing approach we will ensure that we create for you a bespoke agreement which both meets the GDPR and allows you to carry on your business as you wish

For more information or see our contact information