The General Data Protection Regulation UK Spelling - Page 13

Legal basis for processing personal data You should look at the various types of data processing you carry out, identify your legal basis for carrying it out and document it. Consent You should review how you are seeking, obtaining and recording consent and whether you need to make any changes. Data breaches You should make sure you have the right procedures in place to detect, report and investigate a personal data breach. Data Protection by Design and Data Protection Impact Assessments You should familiarise yourself now with the guidance the ICO has produced on Privacy Impact Assessments (PIAs) and consider how to implement them. Data Protection Officers You should designate a Data Protection Officer, if required, or someone to take responsibility for data protection compliance and assess where this role will sit within your organisation’s structure and governance arrangements. International If your organisation operates internationally, you should determine which data protection supervisory authority you come under. Extracts from Information Commissioner’s Office, Preparing for the General Data Protection Regulation (GDPR) 14/3/16, licensed under the Open Government Licence. SAN FRANCISCO | NEW YORK | LONDON | READING | PRAGUE | KUALA LUMPUR | SYDNEY