End of year Data Protection Checklist

15th December 2020Checklist

Well it is almost the end of 2020.  What a year!  Rather than look back, we thought we would help you to look forward with confidence.  What better time to make sure you have all your data protection processes and procedures in place so you can begin 2021 on the right foot? 

We’ll start with a reminder of everything you should be doing to comply with UK GDPR / the UK Data Protection Act 2018 (which run alongside each other – see our blog on Deal or no Deal), and we will conclude by signposting you to some of the additional things you may need to consider as we exit the transition period with the EU.  

  1. Review your procedures

Take some time to go over your policies and procedures to ensure that your privacy policies and data processing agreements are fit for purpose.  Double check that everything within them is happening in practice.  Have these been updated to account for homeworking if necessary? 

[if you need the peace of mind of a second opinion, contact one of our data protection specialists

  1. Training

Have you had new team members or perhaps people have changed roles?  Does everyone within your organisation understand the legislation and their roles and responsibilities. Has homeworking added another layer of complication to where personal data is stored? (beware personal devices).  Ensure everyone is aware and remains compliant. 

[our training is available both online and via Zoom

  1. Data Breaches

Do you have a robust policy in place should an incident or data breach arise?  Does everyone know what action they should take?  Particularly over the festive period – a shut-down could be an opportunity for cybercriminals so remain vigilant and take extra precautions if necessary. 

  1. Analysis of Personal Data

 Do you have a comprehensive list of all of the personal data you store and process?  Has this changed over the course of the year?  Don’t forget customer data, personnel data, CCTV . . . anything at all that you have that could lead to the personal identification of an individual. 

  1. Data Impact Assessments

You should have carried out data protection impact assessments on any processes you carry out that may impact data privacy.  Are these all correct and up to date.  Do you have any missing?  

  1. Access Rights

Individuals have a legal right to access the personal data you hold on them.  Double check that this data is held in a format that is accessible and portable as you only have one month in which to reply. 

  1. Consent

What legal basis do you have for communicating with customers?  If you are relying on consent as defined by your privacy policy, make sure you are keeping records of that consent.  Double check your processes and procedures are working correctly. 

[Update your training or get extra support from The Griffin House Consultancy

The end of 2020 also marks the end of the Brexit transition period and this brings additional considerations and responsibilities for Data Protection Officers or those responsible for data protection. 

The two biggest things to be aware of are as we complete our Brexit transition.  Act now:  

  1. If you transfer data from the EU into the UK this will not be a legal, legitimate transfer unless you have a Standard Contractual Clause in place.  We recommend you double check that you are not transferring data into the UK from Europe and if you are, you must put SCCs in place. 
  2. Secondly the European Data Protection Board (EDPB) has announced that all terms and conditions and contracts that mention the EU GDPR or just GDPR will need to be changed to the UK GDPR, so you will need to go through your contracts and make this change in order to make them compliant. 

If you need some help, support or training please do contact us.  We understand data protection legislation, but we are human too.  We simplify the day-to-day legalities of compliance, audits, documents and processes to give you the peace of mind you need. 

 We balance legality with commerciality. 

 Get in touch.  

Call:+44 (0)1673 88 55 33 

Email:[email protected] 


Let us ease your mind

If you have any queries, questions or requests then please get in touch. We’re always very happy to talk, you’ll find a friendly voice on the end of the line or simply fill out the form below.

    Your Contact Details

    This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.