The GDPR challenge - By Eoin Lyons
Like lots of other companies we are in the midst of trying to make sure we wake up on the 25th May 2018 feeling relatively at ease with the world.
Initially in the OPAL Group we decided to wait for the promised guidance from the ICO before getting properly stuck in but as the weeks ticked by we decided to go to the primary EU source and get our project underway.
At the OPAL Group we have two basic objectives in terms of ensuring the required changes are delivered – making sure our own data is correctly managed in line with GDPR and also making sure our client companies’ data is managed in line with the requirements. Big ticket items to ensure we have properly addressed everything include:
· How we will be able to manage and respond to subject access requests and the new right of erasure
· Our data destruction policy and its enforcement
· Communicating appropriately with our policyholders.
Based on the above we have devised our implementation plan which has four phases:
· Gap Analysis
· Internal Audit
· Action Plan
· Training and Implementation.
Our strategy is not limited to reading the GDPR and ICO guidance. We are also gathering information from clients as well as researching online and attending specialist seminars. The latter is a great way of checking that we are on track or there are some wrinkles we had not appreciated that our peers are tackling.
The project is challenging but it has also created some focus around our data management that will ensure improvement happens quicker than otherwise might have occurred. Whisper it ... we at OPAL should be grateful for the opportunities GDPR has given us!
[Credit: Margaret Sokoya]