It made big headlines at the time. Now, two months later we are starting to see the impact of General Data Protection Regulation (GDPR) on business.
Many businesses have put the issue on the back burner following the deadline for compliance in late May.
But the fact is GDPR is an on-going issue and a subject that businesses need to continually work on and review.
For instance, a growing number of companies are now receiving subject access requests.
Under the new legislation your prospects, clients and staff have rights to access or erase their personal data, correct inaccuracies and object to processing.
The £10 fee to access personal data has now been abolished and that is being seen as a major reason for the rise that we are seeing. However, there are also reports of companies also receiving “nuisance” requests.
Against all this background it is important that businesses understand the processes to follow if a request is received.
You have only 30 days to respond, so it is vital that you have a process to enable you to find, pull out and send the data as required within that timescale.
There can also be wider implications. What is your data retention policy? Are you holding onto information for longer than you should? What is your email policy? If you receive a request how easy is it for you to pull out all the necessary emails? Does your data contain details about other people and organisations, or personal opinions?
Dealing with subject access requests highlights just some of the many issues we help our clients resolve.
And it really does show the importance of having a robust approach to GDPR implementation.
By demonstrating to potential and existing clients that you are doing everything you can to protect their rights you will continue to build and maintain the trust that underpins your client relationships.
AW Training and Compliance has joined with WNJ to ensure that its clients can approach GDPR in a compliant and stress-free manner.
To discuss any issue regarding GDPR and how AW Training and Compliance can help you please contact me on 01257 460081 or email firstname.lastname@example.org
• Penny is a management and leadership expert with a background in regulatory compliance. She is a certified EU GDPR Practitioner, ISO17024 certified and Institute of Information Security Professionals accredited.