Weekend Witch Social Media

GDPR in Plain English – 10 steps to take now


May 20, 2018 By Renée 2 Comments

The General Data Protection Regulation (GDPR) comes into force on 25 May.  If you hold any information on file about people, this new law affects you and you should be preparing for it now.


What’s different to the current Data Protection Act?

Not a lot will change; it’s still about keeping people’s personal information safe. The way you act with regard to people’s data must still be lawful, fair and transparent – and you must have a clear purpose for handling their information.

If you comply with data protection rules now, much of your work is probably already in place.  The GDPR places greater emphasis on the documentation that you (as the Data Controller) must keep to demonstrate your accountability, so you need to have effective policies and procedures in place before May.  These must be written in plain English.

Make sure everyone in your organisation knows that the law is changing and that this will affect some areas of work, such as filing, storing information online and contacting people by email. Brexit won’t make a difference – we all have to comply or face horrendous fines.

10 steps you can take right away

  1. Know what information you hold
    Document what personal data you hold, where it came from and who you share it with.
    Maintain clear records of your processing activities.
  2. Be aware of people’s rights
    Check your procedures to make sure they cover people’s rights, including how you would delete their personal data or provide data electronically and in a ‘commonly used format.’ People have many rights, including to be informed, access their information free-of-charge, have it deleted and not to be subject to automated decision-making, including profiling.
  3. Communicate privacy information
    Review your privacy notices and make any necessary changes. When you collect personal data you currently have to give people certain information, such as your identity and how you intend to use their information. This is usually done through a ‘privacy notice.’ You must now also tell people your ‘lawful basis’ for processing the data, how long you plan to keep their information and that they have a right to complain to the Information Commissioner’s Office (ICO) if they think there is a problem with the way you are handling their data. The GDPR requires this information to be provided in concise, easy to understand and clear language – in other words, in plain English! If you have inaccurate personal data and have shared this with another organisation, you will have to tell the other organisation so it can correct its own records.
  4. State your lawful basis for processing personal data
    Why do you keep people’s information? Identify the lawful basis for why you’re processing people’s data, document it and update your privacy notice to explain it. Some people’s rights will be modified depending on your lawful basis for processing their personal data; the most obvious example is that people will have a stronger right to have their data deleted where you use consent as your lawful basis for processing.
  5. Gain consent
    Review how you seek, record and manage consent. (The ICO has published detailed guidance on consent and offers a checklist to review your practices.) Consent must be freely given, specific, informed and unambiguous. There must be a positive opt-in; consent cannot be inferred from silence, pre-ticked boxes or inactivity. It must also be separate from other terms and conditions, and you must have simple ways for people to withdraw their consent. Consent has to be verifiable and people generally have more rights where you rely on consent to process their data. In these cases, make sure it meets the GDPR standard on being specific, clear, prominent, opt-in, properly documented and easily withdrawn.
  6. Handle subject access requests
    Update your procedures on how to handle requests to provide any additional information. Under the new rules, you will have a month to comply, rather than the current 40 days, and you can refuse or charge for requests that are ‘manifestly unfounded’ or excessive. If you refuse a request, you must tell the person why, and let them know that they have the right to complain to the supervisory authority and to a legal remedy.
  7. Deal with data breaches
    Make sure you have the right procedures in place to detect, report and investigate a personal data breach. You may need to notify the ICO (and possibly some other bodies) if you suffer a personal data breach that is likely to result in anyone being at risk of discrimination, damage to reputation, financial loss, loss of confidentiality or any other significant economic or social disadvantage. You will also have to notify the people affected.
  8. Protect children
    GDPR introduces special protection for children’s personal data, particularly in the context of commercial internet services such as social networking. If relevant to your business, put systems in place to verify people’s ages and to obtain parental or guardian consent for any data processing activity. Children can give their own consent to processing at age 16 (although this may be lowered to 13 in the UK). If a child is younger, you will need to get consent from a person holding ‘parental responsibility’.
  9. Name your Data Protection Officer
    Designate someone to take responsibility for data protection compliance, if you don’t already have someone in this role. Look into the ICO’s code of practice on Privacy Impact Assessments to see whether this relates to your business.
  10. International? Know which rules apply
    If your business operates in more than one EU member state, find out which will be your lead data protection supervisory authority and make sure you apply the relevant rules.

Hopefully, these notes will give you a head start on tidying up your systems in anticipation of the forthcoming changes. This info is adapted from the GDPR section of the Information Commissioner’s Office website where there’s loads more useful advice and guidance to set you straight.

Feel free to get in touch if you’d like help to edit your privacy statement or any other documents into plain English.


Comments

  1. Cyndy Lessing says

    April 17, 2018 at 1:13 pm

    I’ve read a few articles on GDPR but none have been as clear as this blog. I shall have it by my side when I go through all the GDPR rules and regs tomorrow.
    Well done Renee!

    • Renée says

      April 17, 2018 at 1:41 pm

      Many thanks Cyndy! There will be another blog coming soon specifically on ‘Consent.’
