ICSA – The Governance Institute has now released guidance, intended for internal use by companies, as the May 2018 implementation date of the General Data Protection Regulation (GDPR) draws near.
This type of guidance is vital for any business or organisation that has to deal with the new responsibilities and processes required under GDPR. The guidance is clear and relevant to all areas of a business. This means that the board can use it to enable members to have effective discussions with employees in areas from marketing to IT. It’s a way of making everyone aware of what GDPR means to them and how they fit in.
Any business that is preparing for GDPR can use the guidance as a checklist to aid its preparations. It is a good way of establishing what still needs to be done in order to ensure compliance come the day of implementation. The guidance is split into different areas:
- The basics of how data should be dealt with and what the processes should be.
- How to deal with individuals regarding GDPR-related issues.
- Establishing risk and developing a structured governance process.
The guidance was produced by ICSA in recognition of the difficulties that some businesses were experiencing in getting to grips with GDPR. The fact is that once GDPR becomes law, businesses will need to prove that they are compliant. In order to do this, they need to audit the data they hold; ensure that they have consent, or another legally valid reason, for holding it; ensure that the data is correct and that they still need to process it; and ensure that they know where the data is being held and who is responsible for managing it.
The guidance helps businesses to do all of this work effectively, as it explains what is expected of them. They can follow the guidance to ensure that they are in the best possible position to comply with GDPR, and to show they are compliant, by 25 May 2018.