Feel Safe, Call Teal

0333 987 4320

So what happens on May 26th?

[vc_row][vc_column][vc_single_image image=”420″ img_size=”full” alignment=”center”][vc_column_text]

25th May….  It’s the date we have all been working towards, some of us for many months. But what happens on 26th May, and the day after that?

Well, initially we all have a well-deserved rest over a bank holiday weekend, and then it’s business as usual from Tuesday 29th May.  But what is ‘business as usual’?

For those who have not been able to complete their GDPR preparations prior to 25th May, you should have an action plan to take you through the following weeks and month on the journey to compliance with the principles of the GDPR and to demonstrate ongoing accountability.

But if you have completed your preparations it doesn’t mean that you don’t have any ongoing work to do.  In order to demonstrate accountability, you will need to test your processes, test your staff and create an audit programme.

1.  Test your processes

You have created a lovely shiny process to be followed if a data subject exercises one of their rights; but does it work? You may not receive a request straight away so why not run a workshop on the basis that you have received a request and work out the steps you need to follow to comply with the 30 day timescale – use the outcome to refine your process where necessary.

2.  Test your staff

You have trained your staff but how much have they actually understood? Are your policies and procedures embedded? Test them. Send in a ‘dummy request’ and see what happens. Don’t forget to also test from a cyber security point of view – simulated phishing email tests are a useful exercise.

3.  Create an audit programme

How will you demonstrate ongoing compliance? DPOs should consider regular spot checks, especially if your business has more than one site – are the team keeping paper that you think has been destroyed? Are visitor processes being followed – turn up unannounced and you will find out!  Don’t forget that root cause analysis of complaints and data breaches will provide you with valuable insight on how well your GDPR programme has been embedded. Check your websites on a regular basis to make sure they haven’t reverted back to old versions of any of your policies. Monitor social media for mentions of your business, which can be an early indicator of a data breach.

4.  Keep up to date

The draft Data Protection Bill had a provisional report stage on 9th May and as progress continues to be slow, it may not be enacted before 25th May. The E-Privacy Directive is also still stalled and could arrive at any time in the coming months so it’s definitely one to watch, and it’s always worth checking in with the ICO’s website to see updates on how they intend to enforce GDPR and what they will be looking at in the coming months.

Here at Teal we will of course keep you up to date through our blogs and our experts are always available to offer advice or even to come in and test your processes for you.  Just drop us an email – hello@tealcompliance.com

GET

in touch

If you would like to find out more about how Teal Compliance and our expert Associates can help with your compliance requirements, we would love to hear from you. Send us your enquiry and we’ll be in touch.

​Feel Safe, Call Teal 0333 987 4320

Amy is my go to expert for both practical advice/help and firm
wide training in both AML and all aspects of compliance. Totally
dedicated, scarily knowledgeable yet always a joy to deal with.

Cyril Arridge, Managing Partner, Quality Solicitors Parkinson Wright