Workplace Data Privacy Audits
The General Data Protection Regulations place greater emphasis on the documentation that data controllers must keep to demonstrate compliance. Businesses need to be clearer and more transparent about what data they process and how. The rules around this are changing and the consequences for getting it wrong are far greater.
The first step in getting to grips with this will be a data protection audit to understand where you might need to improve to comply with the GDPR.
The audit is tailored to your particular requirements, but will usually involve looking at the following:
- Are relevant and appropriate data protection policies and procedures in place
- What categories of data are processed by the organisation
- Whether privacy impact assessments will be needed for specific ‘high risk’ areas
- What Privacy Notices are in place
- Comprehension of data protection responsibility, knowledge and training
- How the organisation would deal with data subjects’ rights
- Practices surrounding data accuracy and retention
- Security of personal data
- The legal basis for cross border data transfers, if applicable
- Data sharing with third parties
We can then help you assess where improvements need to be made or gaps need to be filled in order to be compliant with the GDPR.
For more information please get in touch with a member of the workplace data privacy team.
Cookie consent is a box-ticking exercise after all!16 October 2019
The General Data Protection Regulation for employers06 July 2018
The General Data Protection Regulation (GDPR) is European legislation affecting all organisations that hold personal data on living individuals. It aims to ensure that organisations using and processing personal data do so fairly and lawfully and gives a number of rights to individuals in terms of how they can access their data and influence its use.
International data transfers - are model clauses now under threat?05 October 2017
Many of you will remember Max Schrems, the Austrian law student who in 2015 successfully brought a case to the European Court of Justice (“ECJ”) that resulted in the “safe harbor” - the agreement that allowed the transfer of EU citizens’ data to the US - being declared invalid.
Data Academy - FULLY BOOKED26 September 2017
This is a half day data conference comprising interactive sessions, speakers from Lewis Silkin, Accenture and industry specialists.
The General Data Protection Regulation (GDPR) came into force on 25 May 2018.