
Complying with GDPR



According to the Information Commissioner’s Office, you must:

  • Implement technical and operational processes that support the principles.
  • Keep records of data processing if your organisation has more than 250 employees. The record includes: the purpose of the processing, the categories involved (individuals and data types), the envisaged retention time limits and the technical/organisational security measures. The records can be viewed on request by the supervisory authority in the event of an investigation.
  • Appoint a Data Protection Officer (DPO) if:

    > You are a public authority (except courts), or
    > You are a private company which conducts large-scale data processing that requires regular and systematic monitoring of data subjects, and/or processes sensitive data (health, religion, race or sexual orientation) or data relating to criminal convictions on a large scale.

  • Ensure data protection by design and data protection by default. By designing protection in at the start, problems are identified when they are easier to fix and the approach is more likely to be compliant with GDPR. These measures could include: data minimisation, pseudonymisation, transparency, a high level of privacy by default, and continual improvement of processes and security.
  • Conduct, as appropriate, a Data Protection Impact Assessment (DPIA) also known as a Privacy Impact Assessment (PIA).

You can also adhere to a code of conduct or register with a certification scheme.

Be prepared for 25 May 2018.
