The GDPR was enforced across all EU Member States on 25 May 2018. Undoubtedly preparing for the new law was a huge challenge for many organisations. But, it didn’t all end in May 2018. It’s clear a continued commitment is needed to ensure policies, processes and procedures are regularly reviewed and actually work in practice. A continual effort to keep records up to date and to try and ensure the overarching themes of transparency and accountability are met.
A key area is ensuring you have identified a lawful basis for different processing activities, and meeting the requirements of that basis. In July 2017 the DPN published industry-led Legitimate Interests Guidance, which was updated in April 2018 with cases studies and more examples of where Legitimate Interests may be appropriate.
We also have a number of other resources to help, including:
What is GDPR?
GDPR Data Protection Impact Assessments Guide
GDPR Right of Access
GDPR Data Retention Quick Guide
GDPR and Data Breaches: Are you prepared?
General Data Protection Regulation – a practical guide for business
The ICO’s overview of the General Data Protection Regulation