ICSA – The Governance Institute has now published guidance, meant to be used internally by firms, as the May 2018 implementation date of the General Data Processing Regulation (GDPR) draws closer.
This sort of guidance is important for any business or organisation that is faced with having to take on the new responsibilities and processes that will be required under GDPR. The guidance relates to all areas of a business. This means that it can be used by the board to allow members to speak effectively with employees in areas from marketing to IT. It is a tactic for enabling everyone to be aware of what GDPR means to them and how they fit in.
Any business that is readying for GDPR can use the guidance as a checklist to help its preparations. It is an effective way of establishing what still needs to be completed, in order to ensure compliance, come the day that the legislation becomes enforceable. The guidance is separated into different areas.
- The basics of how data should be managed and what the processes should be.
- How to deal with people regarding GDPR-related issues.
- Deciding on risk and formulating a structured governance process.
The guidance was formulated by ICSA in relation to the difficulties that some businesses were meeting while getting to grips with GDPR. The fact is that once GDPR becomes enforceable by law on May 25 2018, businesses will need to show that they are compliant. In order to do this they need to audit the data they hold, ensure that they have consent, or another legally valid reason, for holding it, ensure that the data is correct and that they still need to process it, and ensure that they know where the data is being stored and who is managing it.
The guidance will assist businesses in completing this work effectively, as it explains what they need to do. They can review the guidance to ensure that they are in the best position to comply with GDPR, and display that they are compliant, by 25 May 2018.