What do I need to do to comply with the GDPR?

The very first step is to carry out an audit. The downloadable GDPR template below can help you identify what type of personal data you are holding in respect of an employee but you can also use this template as a guide to other information about customers that you are also holding. Consider where is the data coming from, where is it being stored and where is it going to.

In using the template think about the following and note where this is stored or used:

• the business's personal data processing activities, such as how the business collects, uses, shares, and otherwise processes personal data;
• the different types of personal data involved in those processing activities;
• the different types of data subjects and where they reside;
• why the business engages in the processing activity;
• the parties who may access the personal data, such as data processors and other third parties, and the types of personal data disclosed;
• the different business systems that store or process personal data, including electronic databases and the people responsible for those systems;
• the geographic locations where the business stores personal data;
• the electronic personal data flows, including data transfer, sharing, storage, exit, and destruction points;
• how long the business retains personal data; and
• the security controls and safeguards deployed to protect personal data.

Consider that key employees with relevant information may sit in:

• operations;
• human resources;
• records and information management;
• information technology;
• marketing;
• finance;
• webpage design;
• product development;
• compliance;

Once you have identified the data, look and see what type of data this is and whether it falls under the category of “Special Data”.

Special data is:
Personal data that reveals:

• racial or ethnic origin;
• political opinions;
• religious and philosophical beliefs;
• Trade Union membership;
• genetic data;
• biometric data for uniquely identifying a natural person;
• and sex life and sexual orientation.

Looking for Privacy Notice Help?

Buy Your Privacy Notice Online