An essential factor in achieving compliance with the GDPR is ensuring that you understand the personal data held by your organisation: where it came from, how you process it and what you use it for, who you share it with and where in the world it goes.

Without this fundamental understanding and knowledge capture, you will not be able to assess your main risk areas in terms of GDPR compliance.

This month, we recommend that you undertake a comprehensive personal data inventory, collecting this information from all the various departments within your organisation, such as finance, sales, marketing, HR and IT, which may be holding and processing personal or sensitive (special category) data.

At the end of this exercise you should understand the categories of personal data you hold, the purposes for which the data is held and the flow of personal data through your organisation. When analysing where personal data is sent, in terms of third parties, processors and geographical locations, you may establish that some personal data is sent outside the EEA, for example if your organisation uses cloud storage which is based outside the EEA. In that case, specific consideration must be given to the adequacy of protection for data subjects.

Your data inventory will also provide the basis for your organisation’s data record (if you are required to maintain records under the GDPR).

If you require guidance on how to undertake your data inventory we can assist you with a scoping meeting and a Data Inventory & Flow Precedent and guidance note to get you started. These will help you ensure that you’re asking the right questions about your data. If you think either of these products would be helpful to your organisation please get in touch.

If you would like any further information about the GDPR and how it might affect your business, please download our Geldards Guide. If you would like to discuss how Geldards can help with training on the GDPR, please do not hesitate to contact our Information Law Team.

Lowri Phillips, Partner, Cardiff: +44 (0)29 2039 1758

Hayley Lewis, Head of Knowledge Management, Cardiff: +44 (0)29 2039 1785

Helen Snow, Professional Support Lawyer, Cardiff: +44 (0)29 2039 1497