The General Data Protection Regulation (GDPR) will affect how your organisation handles sensitive personal information, which includes employee phone numbers, home addresses and bank account numbers. Your health and safety system or department most likely stores a great deal of this information. For that reason, it is essential that you take the necessary steps to ensure that you are compliant.
- Understand and document your processes for collecting, handling and storing personal information, and ensure that they meet GDPR requirements.
- Keep detailed documentation of the personal data you hold.
- Conduct a cyber-risk assessment to evaluate the security of the digital systems in which you store personal information.
- Consider whether your insurance arrangements need to be adjusted to include Cyber Liability Insurance (contact us for help with this).
- Have clear documentation of where and how personal information is shared with third-party organisations.
- Review and define your organisation’s justifications for storing personal information.
- Assess the potential impact if your store of personal information were affected by a cyber-breach.
- Adopt GDPR data retention policies and establish a process to ensure that your organisation remains compliant.
For more information on ensuring compliance, contact GRP Insurance Services today.