GDPR in 5 easy steps

GDPR covers all personal data (employee and customer data). You need to know what personal data you collect, why you keep the data and have measures in place to only keep that data securely and only for as long as necessary.

The core requirements are:

     Summary What this means? What you need to do? How we can help you?
1. Data only needs to
be collected for
specified and
legitimate purposes.
Only collect personal data you have a need and a valid reason for. · Know what personal data you collect and how it’s managed.

· Have specific reasons and an ongoing need for the data you collect and manage.
We will work with you to map your data processing activities and establish the grounds for retaining and managing the personal data.
2. Data subjects
(employees and
customers) need to
explicitly consent before
receiving marketing
material and before
their sensitive personal
data (e.g. medical
conditions) is processed
by  you.
Data subjects need to opt in to receiving marketing material from you and agree that you can record and process any sensitive information you capture about them. · Ensure you only market to customers who have expressly opted in to receiving the material.

· Ensure you only capture sensitive personal data where the data subject has given their explicit consent.
We will help you to review and amend your marketing and sensitive data consent journey to ensure it is fit for purpose.
3. Data subjects have
stronger rights in
relation to the
personal data you
hold about them.
The data subject can ask you to provide, correct, restrict, delete and transfer the personal data you hold about them. · Have procedures in place to provide, correct, restrict processing, delete and transfer the personal data to a data subject.

· Inform your data subjects how and why you process their data.
We can help you create the processes and procedures to meet these requirements and provide you with letter templates to respond to queries from data subjects.
4. Data needs to be
held securely.
Ensure that you retain data securely. · Have appropriate security measures in place to protect the personal data. We will review the strength of your data security and/or help you to
implement appropriate controls.
5. Data Protection
Breachesneed to be
reported to
the Information
Commission Officer
Be able to detect and report data protection breaches to the ICO. Train your staff to ensure they understand what a data protection breach is, how to manage it and have a process in place to the report the breach to the ICO. We will create and provide your staff with focused data protection training and an annual competency test.

Parker Management Consultants, 1st floor, Dominion Court, 43, Station Road, Solihull, B91 3RT Contact us here