What, when, why and how? A CIO roadmap to getting ready for GDPR

Annabel Gillham | Aug. 7, 2017
MoFo lawyer Annabel Gillham explains how to ensure compliance with EU GDPR guidelines, and offers a checklist of what CIOs should be doing to prepare their organisations for the enforcement of incoming regulations.

CIOs may also be asked to facilitate the process for identifying what "high risk" data processing is carried out by the business. High risk processing includes profiling and systemic large scale monitoring of publicly accessible areas (e.g. CCTV). Once this type of processing is identified, a mechanism should be designed to flag it for a data protection impact assessment (DPIA) before any processing begins. CIOs should ensure that their teams know to check with relevant business leads that a DPIA has been carried out if they are asked to conduct any high risk processing.

CIOs should feed into new procedures for dealing with individual requests so that these can be handled efficiently. CIOs should identify the number and scale of subject access requests made in previous years in order to design a process to handle future requests, and note that timing will be tight: subject access requests and individuals' requests to "port" their personal data to another organisation should normally be handled within a month. The procedures also need to cover how a request for erasure will be dealt with, and in what circumstances third parties (e.g. search engines) will be contacted to delete data.

Data security breach response procedures should be updated. The days of voluntary reporting are gone. As a rule of thumb, breaches must be reported to the ICO within 72 hours, unless the breach does not expose individuals to risk.

EU GDPR verdict

GDPR preparation involves a time-consuming review of data processing activities and policies, but is already helping to embed data privacy within business culture. The idea is that one day soon it will become second nature.
