GDPR COMES INTO FORCE ON 25 MAY 2018
This is Step 10 in our series of emails designed to help you get ready for GDPR. If you have been following our 12 step programme, you should be making good progress. If you have missed any in the Series and would like to catch up, please visit 12 Steps to GDPR on our website.
The 25th of May is not very far away now and non-compliance can result in significant penalties. If you follow the practical steps in our series of emails, you should be getting into good shape but, if you need someone by your side to get you over the line, we are here to help.
STEP 10 – DATA PROTECTION AND DATA IMPACT ASSESSMENTS
It has always been good practice to adopt a privacy by design approach and to carry out a Privacy Impact Assessment (PIA) as part of this.
- GDPR makes privacy by design an express legal requirement, under the term ‘data protection by design and by default’.
- Also ‘Data Protection Impact Assessments’ or DPIAs – mandatory in certain circumstances.
- A DPIA is required in situations where data processing is likely to result in high risk to individuals, for example:
- where a new technology is being deployed;
- where a profiling operation is likely to significantly affect individuals; or
- where there is processing on a large scale of the special categories of data.
If a DPIA indicates that the data processing is high risk, and you cannot sufficiently address those risks, you will be required to consult the ICO to seek its opinion as to whether the processing operation complies with the GDPR.
You should therefore start to assess the situations where it will be necessary to conduct a DPIA. Who will do it? Who else needs to be involved? Will the process be run centrally or locally?
You should also familiarise yourself now with the guidance the ICO has produced on PIAs as well as guidance from the Article 29 Working Party, and work out how to implement them in your organisation. This guidance shows how PIAs can link to other organisational processes such as risk management and project management.
We are here to help
Qubic can work alongside you to help you meet the conditions laid out by the Information Commissioner’s Office for compliance with the new legislation. We have a team with expert knowledge, experience and technology to help your organisation be ready for GDPR on 25 May – but that’s not very far away now.
You can’t afford to wait any longer – contact Qubic today on 020 8601 7000 and we can help you work towards compliance. Even the longest journey starts with the first step…