It will probably never happen…. but

It will probably never happen…. but

Having to fork out 4% of global turnover after GDPR arrives on the 25 May 2018 will probably never happen to you, or anyone you know. But just in case, have you thought about the following:

  • A Data Protection Policy setting out in writing what’s your firm’s approach to data protection. What the risks and obligations are from the way we obtain, process, share, and keep secure personal data about our customers and employees?
  • A written Information Management & Security Policy covering your safe and appropriate acquisition, use, storage and disposal of personal data in paper and electronic format, in order to prevent unlawful loss, damage or destruction.
  • The bullet points in your Data Breach Procedure so that you and your staff know what to do, and who to tell, when the laptop gets stolen or the email gets sent in error to “reply all”, and the register recording What? Why? and How? it happened
  • Your Privacy Notice telling your customers upfront “this is what we do with your data”
  • Agreed reciprocal obligations with people you send data to, and receive it from, so that you don’t get landed in it, when they breach data protection
  • Not asking for customer’s consent when you don’t need it
  • What personal data do you collect? Should you collect more, with appropriate customer’s consent? Will it make your conveyancing business more valuable in the long run?
  • Training so that your staff are less likely to commit a data breach by mistake, and more likely to recognise a breach when it happens.

Contact Boiled Frog Limited if you would rather concentrate on completion day deadlines than GDPR deadlines (25 May 2018 – just a reminder).

Tom Horrocks

Leave a Reply

Your email address will not be published.