When your business looks at its responsibilities regarding data protection, your first port of call should be the Information Commissioner's Office (ICO). Their remit is to get organisations to comply with UK data protection legislation, and if you ask them for help, they will oblige.
There are extensive resources that are designed to make your life easier when navigating the route that your organisation should be following to comply with the various laws and regulations. This does mean (sorry!) GDPR. I know it’s a bit like reminding you to floss your teeth! No-one wants to do it but we all know it’s a good idea.
Some extra help from the ICO…
The ICO has put together a well-thought-out checklist… take a look here.
What is particularly helpful is a breakdown of several specific areas. These include:
- Data Processor*
- Data Controller**
- Information security
- Direct marketing
- Records management
*A processor is responsible for processing personal data on behalf of a controller.
**A controller determines the purposes and means of processing personal data.
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have legal liability if you are responsible for a breach.
However, if you are a controller, you are not relieved of your obligations where a processor is involved. In fact, the GDPR places further obligations on you to ensure your contracts with processors comply with the GDPR.
If you feel like this is all a bit overwhelming, you can request an “advisory visit” from the ICO.
These are informal visits that can help you approach this from the right starting point. They are free but discretionary.
If you need some more advice on how you manage your data, we are just a call away, so please feel free to call us on 020 72 41 22 55 or fill out our contact form and we’ll quickly get back to you.