- Do you have ‘consent’ in place for every individual’s personal information you hold on your files and systems?
- Is there a ‘privacy policy statement’ on your consent forms, terms and conditions and contract agreements?
- Make it plainly evident what kind of personal information you collect.
- Explain what you will do with their personal data and how it is stored.
- Spell out what security measures you have in place for holding their personal information.
- Tell them specifically who you will share their personal information with.
- Be transparent and give them the option to unsubscribe on all your manual and electronic correspondence, e.g. website, emails, newsletters.
- Make ‘subject access requests’ easy to process.
- Double-check that all your electronic platforms and cloud-based solutions comply with the GDPR.
- Make sure your privacy impact assessments are kept up to date.
Final question: do you understand what a breach might look like and how to deal with it?