GDPR – What happens on May 26th?

Red mug with a red and white calendar of May 2018 with the date 26th circled

Date

GDPR 25th May….  It’s the date we have all been working towards, some of us for many months. But what happens on 26th May, and the day after that?

Well, initially we all have a well-deserved rest over a bank holiday weekend, and then it’s business as usual from Tuesday 29th May.  But what is ‘business as usual’?

For those who have not been able to complete their GDPR preparations prior to 25th May, you should have an action plan to take you through the following weeks and month on the journey to compliance with the principles of the GDPR and to demonstrate ongoing accountability.

But if you have completed your preparations it doesn’t mean that you don’t have any ongoing work to do.  In order to demonstrate accountability, you will need to test your processes, test your staff and create an audit programme.

1.  Test your processes

You have created a lovely shiny process to be followed if a data subject exercises one of their rights; but does it work? You may not receive a request straight away so why not run a workshop on the basis that you have received a request and work out the steps you need to follow to comply with the 30 day timescale – use the outcome to refine your process where necessary.

2.  Test your staff

You have trained your staff but how much have they actually understood? Are your policies and procedures embedded? Test them. Send in a ‘dummy request’ and see what happens. Don’t forget to also test from a cyber security point of view – simulated phishing email tests are a useful exercise.

3.  Create an audit programme

How will you demonstrate ongoing compliance? DPOs should consider regular spot checks, especially if your business has more than one site – are the team keeping paper that you think has been destroyed? Are visitor processes being followed – turn up unannounced and you will find out!  Don’t forget that root cause analysis of complaints and data breaches will provide you with valuable insight on how well your GDPR programme has been embedded. Check your websites on a regular basis to make sure they haven’t reverted back to old versions of any of your policies. Monitor social media for mentions of your business, which can be an early indicator of a data breach.

4.  Keep up to date

The draft Data Protection Bill had a provisional report stage on 9th May and as progress continues to be slow, it may not be enacted before 25th May. The E-Privacy Directive is also still stalled and could arrive at any time in the coming months so it’s definitely one to watch, and it’s always worth checking in with the ICO’s website to see updates on how they intend to enforce GDPR and what they will be looking at in the coming months.

Get in touch

Here at Teal we will of course keep you up to date through our blogs and our experts are always available to offer advice or even to come in and test your processes for you.  Find out more about our data protection services or simply get in touch with one of our experts.

More
articles

Testimonial from Right Legal
"We have been using Teal to support our compliance frameworks, and every aspect of our experience with them has been fantastic. From the training to the audits, and especially the ‘Ask Teal’ helpline, nothing is too much trouble, and you get quick support from some of the industry’s best compliance experts. Just having them there to support our continued growth takes a huge weight off my mind. Highly recommend to firms of all size and structure!"
Get in touch
Testimonial from Constantine Law
"We rely on Teal Compliance to provide responsive, practical compliance services to Constantine Law (we do not have an in-house compliance officer/function). I would encourage all solicitor firms without their own resource to engage with Teal: they know what they are doing and they provide peace of mind regarding day-to-day compliance matters as well as responses to unforeseen (tricky) compliance matters. They have become an indispensable partner to Constantine Law in our growth journey."
Get in touch
Testimonial from Streathers Solicitors
"We have worked with Teal for several years. They have provided us with AML training and also helped us put together our firm-wide AML risk assessment and our updated AML policy, along with assisting us with various issues as and when they arose. We have always found them to be very helpful, friendly, responsive and knowledgeable, and are happy to recommend them."
Get in touch
Testimonial from Streathers Solicitors
"We have had a relationship with Teal for a number of years and they have provided a valuable resource to our compliance team. Teal combine the delivery of a personal and friendly service with city level expertise."
Get in touch