How to comply with GDPR
Historically the guidelines on data handling have not been particularly strict. Under GDPR this will change as organisations handling data must comply to a strict set of guidelines.
• The GDPR guidelines dictate that only an authorised person with security clearance can handle and process data. Organisations must ensure data is regularly cleaned and checked.
• Measures must also be put in place to protect and prepare for cyber-attacks and unauthorised handling of data.
• Organisations that encounter data breaches will be subject to severe financial penalties as a result of their failure to protect the data.
• Under GDPR data cannot be processed without the consent of the individual that the data belongs to and fresh consent must be sought each time the intended use of the data changes.
• Once data has been used for the intended purpose that consent has been sought for, it must be removed and cannot be re-used without further consent.
• Prior to any data being processed, the risks must be assessed with potential consequences calculated and measures put in place to control the risk.