With GDPR just weeks away, it is crucial that your board and organisation are up-to-date on the rules and regulations that will come into effect on 25 May 2018.
GDPR requires companies to make clear why and how they collect the personal data of individuals – including employees – and to make that data available when a person requests it.
This has profound consequences for the standing policies under which your company operates.
Just two per cent of the IoD member base have taken advantage of the dedicated GDPR advice service offered by the Institute so far, so it is recommended that you contact the team as soon as you can to avoid being caught in a last minute rush of enquiries and requests.
The IoD's Information & Advisory Service (IAS), which is a free service available to all members as part of your ongoing membership, has a number of useful resources and documents available to make the transition to becoming GDPR compliant more manageable and digestible.
Among the services offered are:
- Over 20 template documents, including company privacy statements, a website policy, notification to employees and customers, dealing with data subject access requests, and many more.
- Over 20 practice notes explaining GDPR. There is specific guidance on how a company should act following a data breach, how to respond to Subject Access Requests, controls on data processing, and gaining consent for use of personal data in commercial activities.
To make the most of this free advice, offered as standard as part of your IoD membership, please contact the IAS team as soon as possible, or view the full library of available resources within the IoD GDPR hub here.