Essential Tips For GDPR Compliance

1 – Make sure your business has a list of all the personal information it holds.

It may be useful to store such information with the following subheadings:

  • The source of the information
  • Whom you share it with
  • What you do with it
  • How long you will keep it

2 – Ensure there is a list which details where personal information is stored within your organisation, i.e. computer databases or on paper.

3 – Make sure your company has a publicly accessible privacy policy which clearly shows the processes related to the collection and storage of personal data, written in clear and understandable terms.

4 – Keep a list of sub-processors and ensure this is included in your privacy policy.

5 – Ensure your privacy policy meets lawful requirements and inform existing customers of any changes or updates to your policy when they occur.

6 – Appoint a Data Protection Officer for your organisation either internally or externally.

7 – Ensure all decision makers are informed of GDPR compliance.

8 – Update any IT security.

9 – Write policies and procedures across data lifecycles for securing, storing, backing up and archiving data.

10 – Ensure a hardware asset tracking system is in place to prevent the loss or theft of IT devices.

11 – Provide training and resources for staff to better understand personal data protection.

12 – Appoint a representative from the EU to handle all issues related to processing (for businesses outside the EU).

13 – Report data breaches within 72 hours to the authority.

14 – Ensure there are contracts in place with the data processors with whom you share data.

15 – Make sure customers can access and update their own personal information to keep it accurate.

16 – Ensure you delete any data that your business no longer has any use for.

17 – Make it easy for customers to request deletion of their personal data.

18 – Ensure customers can request their

19 – Make it simple for customers to object to profiling or automated decision making that could impact them.

20 – Ask for consent when you start processing a person's information and make it just as simple for them to withdraw it.

Ensure your IT disposal partner is compliant with GDPR regulations to avoid falling prey to serious non-compliance penalties.

“It takes significant experience and specialised knowledge to ensure that data is wiped and destroyed correctly and consistently across the entire spectrum of corporate IT assets.”
Matthew Nikolai, Technical Manager

G1 Asset Management offers GDPR compliant IT asset disposal and data destruction services that ensure complete data security.

For more information about G1 Asset Management, visit g1.com.au.