Organisation Strategies to ensure Compliance with GDPR

    Cards (6)

    • Register with Information Commissioner's Office
      Organisations should be registered with the Information Commissioner's Office as a data user.
    • Restricted Access Systems
      Install restricted access systems so visitors have limited access to where data is held.
    • Safe Storage of Personal Data
      Have a policy that cabinets with sensitive data are locked at all times. Assign responsibility to an employee to ensure cabinets are locked when the office closes.
    • Record Information Use
      Create a procedure requiring anyone who accesses files/cabinets to record what information they are using and why, with the date and time.
    • Access Rights
      Restrict access rights on the intranet so that only authorised people have access to data systems.
    • Regular Data Check
      Set up a regular data check asking the data subject to ensure that accurate information is held.