Are you making these common GDPR mistakes?
GDPR's never going to be simple, but unfortunately getting it wrong can lead to penalties and fines!
Even the most experienced data experts can make mistakes, so it's always good to be in the know about what the most common, yet easily fixable, mistakes are.
Here are the five most common GDPR mistakes that we’ve seen (and how you can avoid them).
1. Compliant on paper, but not in practice.
You may have sorted out your documents, including the privacy policy in your emails, and have the perfect breach prevention plan. But… are you actually going to follow the rules? All too often, companies are GDPR compliant by documentation, but still make errors when it comes to actually storing, processing or deleting the data. It's important to make sure that, whilst you're getting your GDPR in order, you're taking notes in areas such as how you'll store your data, how you make sure that your privacy notices are clear, and what you will do if there is a personal data breach. Remembering these key details will make sure your business is GDPR compliant on paper and in practice.
2. Party for One.
This is a difficult one for companies, but having one person solely in charge of all of your GDPR, data protection and sometimes IT services can for many be too much. You want to make sure that your data protection officers can be focussed on making sure you're meeting the data protection guidelines for your country, without having to worry about other IT-related services too! If you can, it's best to have a team handling all of the different data protection needs of your business. Budgeting for a small but skilful team is much more cost-effective than being landed with a huge fine from the ICO, and you can rest assured that your data needs are being taken care of. Managing data is a multi-skilled operation, so having a team is the best way to ensure there are no unturned stones in your GDPR preparedness.
3. Thinking Small
You may have followed the GDPR for your customers' data to a high standard, followed all of the protocols and checked every box. But what about your staff's personal data? Or CVs from potential hires? Are these just stored in a big file that anyone could open? When it comes to GDPR you need to make sure you've thought through all the data you may need to manage. We'd recommend taking the time to write down all the types of data your company may use or receive and ensuring you have included these in your GDPR documentation. Taking ten minutes to do this now could save you a huge fine or penalty later down the road!
4. 72 Hours
Nightmare: you've woken up in the morning to find that your company was infiltrated overnight, and hackers have stolen the personal data of hundreds of customers and staff. While it would be tempting to bury your head in the safety of the duvet, you have to act fast. Upon learning of a breach, you must notify the Information Commissioner's Office (ICO), as well as all of the affected users. All organisations have to report certain types of personal data breaches to the relevant supervisory authority within 72 hours of becoming aware of the breach, where feasible. This is actually quite a serious mistake that countless small and big businesses make, so be sure to read the ICO guidance on this to ensure you won't be waking up to the same nightmare.
5. Procrastination
You're aware you have to get started on your GDPR documents, but you're not sure how, or why, and frankly you have lots of more important things to do, especially now! This may sound like a good excuse to you, but it definitely will not work with the ICO and your Data Protection Authority. Quite simply, you cannot delay starting your GDPR. We understand that it can be a daunting task for many, which is why we at GDPRlocal are here to help.
If you are new to GDPR, we suggest you start by getting your free GDPRlocal account and taking a look at the free downloads. These documents will help you understand what you need to do.
If you have questions about getting your GDPR started or anything we’ve highlighted today, drop us an email at [email protected], or call us at 01772 217800 and we can give you a hand.
Good luck all.