Three Things to do Today to Get Started
So if you haven’t yet started, or you want to check whether you have started in the right way, then my top three tips are:
- Identify and Clarify what Personal Data you have
This could take one page or several pages. For employee data, you might have soft and hard copies of their personal information, e.g.:
- Home address
- Date of birth
- Phone, email
- Bank account details
- Emergency contact details
And that might be it. All you have to do is do the same for any other personal data. Wondering what other personal data you may have? See ‘What is GDPR?’ above.
- Set Data Retention Periods
All you do here is decide how long you are going to keep the personal data and the reason you need to keep it for that period of time. For example, employee data will be kept for three years after an employee leaves, to fulfil tax and employment purposes as well as to provide a reference to future employers.
- Create Policy Documents around Data Retention, Use, Privacy and Access
In other words, how long we keep your data, how we use that data, our approach to protecting your data and how you can see what data we hold on you. Yes, you have to share this, you have to do it for free and you have to do it within 30 days after it is requested.
Under GDPR, the organisations that collect and retain personal data have to do the above. To put it another way, organisations are now accountable to me personally for how they collect, manage and use my personal data. Oh yeah, and there are significant fines of 4% of turnover or €20 million, whichever is the greater, for failing to do it!
Now, while you should get legal advice about all of the above, a good start may be to look at what other companies in your industry are doing and see if you can develop some ideas around your own approach.