Companies are being urged to start preparing now for Guernsey's new data protection laws that will govern how businesses process and handle data.
The date for enactment of the European Union’s General Data Protection Regulation (GDPR) is 25 May 2018.
In preparation, Nick Robison, partner at Guernsey law firm Babbé, has created a 10-step guide that will help businesses get ready.
1. Don’t panic - there is still time to prepare if you act now.
2. Do a personal data audit and document it - know what data you have, where it is and how it is processed.
3. Review and, if necessary, upgrade the security of your personal data, including your back-up systems, e.g., firewall and virus software protection, encryption and password protection.
4. Review your data retention policy including how you delete data at the end of a retention period e.g., can you selectively delete from your current servers and back-up tapes?
5. Ensure you have a subject access request policy e.g., have an allocated person who will deal with data requests from individuals and systems in place to search efficiently for and collate the specific data in time.
6. Prepare for data breaches by having a robust data breach plan e.g., have an allocated person who will deal with clients, the regulator and the public if a data breach occurs.
7. Check the data protection policies of all third parties who process your data to ensure they are compliant with the data protection law.
8. Train your staff on data protection and how to avoid identity fraud, virus and malware attacks.
9. Check whether you process sensitive, special category personal data and ensure you are processing it appropriately with the necessary safeguards.
10. Be ready to demonstrate compliance with the data protection law by having records of all your data protection policies and procedures.