www.glasgowchamberofcommerce.com 33


PREPARING FOR GDPR: 12 STEPS TO TAKE NOW


1. Make everyone aware of GDPR and their responsibilities
2. Audit what personal data is being held
3. Review privacy notices
4. Review procedures so they accommodate an individual’s data rights
5. Update data access request procedures
6. Identify the lawful basis for processing personal data
7. Review how you seek, record and manage consent
8. Ensure you can verify age and parental consent where required
9. Apply procedures to detect, report and investigate data breaches
10. Instigate data protection impact assessments
11. Designate someone to take responsibility for data protection compliance
12. International organisations need to determine their lead data protection authority.


Source: https://ico.org.uk/


processors” – any organisation that processes the data on behalf of the data controller, including collation, recording and holding data – is now subject to the new data protection legislation. The GDPR also sets out the rights of individuals who have their data held and the obligations that organisations have to use and keep this information secure. It also gives people the right to have easier access to the information held about them, free of charge. The law also gives them the right to have it deleted, where appropriate. A big issue for companies holding existing data on people is the GDPR’s insistence that all companies obtain the consent of people they collect information about for the right to contact them in the future; evidence of their “opt-in” is required and also of their preferred method, if any, for contacting them in the future. However, consent is not required if an organisation has a “legitimate” interest in contacting an individual as part of its current contract relationship with that person.


Data security is a key feature of the new legislation. Computer records have to be encrypted or at least password protected, and hard copy records kept under lock and key with access limited to personnel who need to view them as part of their job role. As we have seen in recent years, some companies have been less than forthcoming in admitting to breaches in their data security. For example, Yahoo has said that all of its three billion user accounts were affected in a hacking attack dating back to 2013, and Uber concealed a hack that affected 57 million customers and drivers, which happened in 2016. Under GDPR, organisations have 72 hours to report the breach – “the destruction, loss, alteration, unauthorised disclosure of, or access to” people’s data – to the ICO and contact the people that have been affected.

The ICO’s website states that “many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act” and the UK’s Information Commissioner Elizabeth Denham said that the new regulations only represent a “step change” for organisations which already comply with existing data protection laws. “It’s still an evolution, not a revolution,” she added.


USEFUL INFORMATION: https://ico.org.uk/for-organisations/business/

