Complying with GDPR is the responsibility of every employee, so we’ve written some tips on how you can help your business stay compliant.
- Check what information you have access to and are sharing. If it identifies an individual or is sensitive personal data, share it only where you have permission to do so.
- Ensure you are protecting confidentiality. Do not share confidential information on social media or public sites. Do not discuss customers, clients or other employees in open areas such as reception and communal spaces.
- Think about where you are holding confidential conversations: they should take place in private, not in public places.
- Delete e-mails containing personal data once they are no longer needed.
- Check that your workspace is secure and that no confidential information is on show for others to see.
- Your electronic devices should use suitable passwords that cannot be easily guessed, and passwords should never be left on show. Do not share passwords.
- Computers, phones, laptops and electronic devices should be locked if you are away from them for a short period or shut down if you are leaving.
- Report any IT issues you have, and any messages you receive that may not be genuine. Do not open untrusted links or spam emails.
- If you are taking personal data off the company’s premises, transport it securely. Do not leave personal details on show or unsecured where anyone could take or copy them.
- Ensure that you complete any GDPR training provided, including any future training.
- Review your company’s Privacy Notice.
- Be clear on who to report any concerns or breaches to, and report them as soon as you become aware of them.
What happens if there is a data protection breach?
All data breaches must now be reported to the affected customer or client and to the Information Commissioner’s Office within 72 hours of the breach. Failing to do this can result in your employer being prosecuted and receiving large fines. It can also damage the business’s reputation.