Welcome to the final part of our article series on Personal Data Protection.
We’ve so far outlined the concept of Personal Data, the GDPR and when this regulation applies, the rights of Data Subjects and the fundamental principle of the lawfulness of processing.
To ensure compliance with the GDPR and the obligations it imposes, we have put together an indicative, non-exhaustive list of Dos and Don’ts.
Dos
- Conduct a data audit: Identify what personal data you collect, where it’s stored, and how it’s used.
- Lawfulness of Processing: To ensure that the processing of Personal Data is lawful, identify the legal basis for the collection and processing of such data.
- Update Policies: Ensure that both your internal and external policies are transparent, easy to understand and compliant with GDPR requirements.
- Train your staff: Educate your team on Personal Data protection best practices and their responsibilities under GDPR.
- Security Measures: Implement robust security measures (such as antivirus software and locked cabinets) to safeguard Personal Data from unauthorised access or breaches.
Don’ts
- Maintain Personal Data Indefinitely: Ensure that Personal Data are maintained only for as long as necessary.
- Use of Personal Data for Other Purposes: Do not use Personal Data for any purpose unrelated to the purpose for which they were collected.
- Sharing of Personal Data: Minimise the sharing of Personal Data. If Personal Data must be shared with a third party, ensure that a Data Processing Agreement is in place.
- Cross-Border Data Transfers: Avoid transferring Personal Data outside the EU/EEA without adequate safeguards and agreements in place.
- High Risk Processing Activities: Avoid processing activities which entail a high risk to the Data Subject’s privacy or security. If such activities cannot be avoided, a Data Protection Impact Assessment will need to be carried out to identify and mitigate potential risks involved.
We’re here to guide you through the process of achieving and maintaining GDPR compliance.