At last week’s Sales & Retention Convention, Regina Lally from Databasix delivered a great keynote on GDPR for the health and fitness industry. Feedback shows it was the most popular presentation of the day, justifying the prime position and time dedicated to the subject.
GDPR is about Accountability, Transparency and individuals’ rights.
Here are 4 myths (that we regularly hear) which are not true:
- I don’t need to do anything until May 2018
- Consent is the only way I can process data
- We won’t be in the EU soon, it won’t apply
- My database is secure, I’m ready
Regina’s presentation covered People, Data and Processes, bringing focus on each section with examples and answering lots of questions from delegates throughout.
People
You need to decide who will be your Data Protection Officer (if your business meets the criteria, i.e. more than 250 staff), and also check on the attitudes towards data protection within your organisation. Being transparent with the way you use data is key, and training will help your employees’ understanding of data protection principles and processes.
Data
Regina then covered the differences between personal data, personal sensitive data, and consent under GDPR. The relationship between Data Controller and Data Processor is another key point, with roles and responsibilities from both sides.
Processes
The third section explained Subject Access Requests, the Right to Erasure, and what to do when Data Breaches occur (when, not if!).
Here are Regina's 7 recommendations for action:
- Involve people
- Set accountability
- Map data flows
- Determine legal basis
- Implement / Update processes
- Be transparent
- Engage people
One final tip to help you start your preparation today for 25th May 2018… book the GGFit / Databasix webinar next Tuesday 28th November here.