End of year Data Protection Checklist
15th December 2020
Well it is almost the end of 2020. What a year! Rather than look back, we thought we would help you to look forward with confidence. What better time to make sure you have all your data protection processes and procedures in place so you can begin 2021 on the right foot?
We’ll start with a reminder of everything you should be doing to comply with UK GDPR / the UK Data Protection Act 2018 (which run alongside each other – see our blog on Deal or no Deal), and we will conclude by signposting you to some of the additional things you may need to consider as we exit the transition period with the EU.
- Review your procedures
Take some time to go over your policies and procedures to ensure that your privacy policies and data processing agreements are fit for purpose. Double check that everything within them is happening in practice. Have these been updated to account for homeworking if necessary?
Have you had new team members, or have people changed roles? Does everyone within your organisation understand the legislation and their roles and responsibilities? Has homeworking added another layer of complication to where personal data is stored (beware personal devices)? Ensure everyone is aware and remains compliant.
- Data Breaches
Do you have a robust policy in place should an incident or data breach arise? Does everyone know what action they should take? Particularly over the festive period – a shut-down could be an opportunity for cybercriminals so remain vigilant and take extra precautions if necessary.
- Analysis of Personal Data
Do you have a comprehensive list of all of the personal data you store and process? Has this changed over the course of the year? Don’t forget customer data, personnel data, CCTV . . . anything at all that you have that could lead to the personal identification of an individual.
- Data Impact Assessments
You should have carried out data protection impact assessments on any processes you carry out that may impact data privacy. Are these all correct and up to date? Do you have any missing?
- Access Rights
Individuals have a legal right to access the personal data you hold on them. Double check that this data is held in a format that is accessible and portable as you only have one month in which to reply.
The end of 2020 also marks the end of the Brexit transition period and this brings additional considerations and responsibilities for Data Protection Officers or those responsible for data protection.
There are two big things to be aware of as we complete our Brexit transition. Act now:
- If you transfer data from the EU into the UK this will not be a legal, legitimate transfer unless you have a Standard Contractual Clause in place. We recommend you double check that you are not transferring data into the UK from Europe and if you are, you must put SCCs in place.
- Secondly, the European Data Protection Board (EDPB) has announced that all terms and conditions and contracts that mention the EU GDPR or just GDPR will need to be changed to the UK GDPR, so you will need to go through your contracts and make this change in order to make them compliant.
If you need some help, support or training please do contact us. We understand data protection legislation, but we are human too. We simplify the day-to-day legalities of compliance, audits, documents and processes to give you the peace of mind you need.
We balance legality with commerciality.
Get in touch.
Call: +44 (0)1673 88 55 33