There are so many things to think about when it comes to GDPR, and lots of measures to put in place to ensure your business is GDPR compliant. We have put together our top 3 things that you should keep in mind regarding GDPR.
1. Does the GDPR apply to data processing of a resident of the EU?
The general consensus is quite broad with regards to whether GDPR applies to those living within the EU. One key point here is that GDPR should not be applied to every entity that performs data processing of people residing within the EU.
For clarity on this, feel free to look at Article 3 of the GDPR which states that GDPR is applied whether the data processing takes place within the EU or not. It also states that GDPR applies if the data processed is for someone who is in a Member State of the EU.
2. Is it mandatory for all businesses to appoint a Data Protection Officer (DPO)?
As you will see on our Data Protection Officer service page, a DPO is not required in all companies. They are only mandatory in 3 cases:
- If the processing is performed by a public authority / body
- When the data being held and processed is on a large scale
- If the data being processed is sensitive data, e.g. health, ethnic origin or religious beliefs
3. What should consent look like?
The main thing to note here is that consent should be unambiguous and not misleading. Pre-filled ‘opt-in’ boxes are a no-go. Consent should be free, meaning that there are no external pressures on the data subject to consent. They also have the right to withdraw consent at any time.
Consent should also be specific. For example, if you are asking subjects to sign up to your email marketing newsletter, you need to be very clear on the topics you will be sending emails about.
So in summary, these are the 3 key things that you need to ask yourself to check your business is GDPR compliant. If you are looking to outsource a Data Protection Officer, this is something we can provide.