The General Data Protection Regulation (GDPR) is a hot topic at the moment, as it comes into force on May 25 2018.
Essentially it adds weight to the Data Protection Act around how you hold personal data, and although you won't need to have everything in place on day one, you will need to demonstrate that you're working towards compliance.
The fine for being non-compliant is a whopping €20 million so it pays to be on the right side of GDPR!
So what can you do to ensure you comply?
Complete a data map
If your company has more than 250 employees, you'll need a statement on personal data. In practice, this means you'll need to complete a data map of what you're holding, where you're keeping it (e.g. in a filing cabinet or an electronic database), how long you'll need to keep it for (and this should be the shortest length of time possible), and how and when it will be deleted.
You'll also need to document what protections you have for electronic data, e.g. secure systems, secure email, encryption etc. Data security is central to GDPR, so you'll need to review your security processes.
Opt-in: contact your client base
Informed consent must be given before you can add someone to mailing lists and databases. If a client has been inactive for a long period of time, you'll need to get them to opt in again; you can't just continue to use old information.
You'll need to find a way of automating this so you can pick these clients up.
Be able to delete personal data
Under this regulation, a person has the right to be forgotten. How easy would it be for you to now delete every record, document and email you have on a person?
If it's not going to be easy, then you need to think about how you can simplify this, because under the regulation you'll need to do it. You'll only have one month from the request to action it.
Simplify your subject access request processes
You'll no longer be able to charge when someone asks for what data you hold on them, and you'll need to provide this within one month.
You can find out more about the <a href="https://ico.org.uk/media/for-organisations/documents/1624219/preparing-for-the-gdpr-12-steps.pdf">ICO's guide here.</a>