27 Apr 2018 | GDPR
The focus on the workshops was two-fold: ease the worry over GDPR and give everyone concrete steps to themselves ready. Forget the GDPR-scaremongering, our goal was to make GDPR clear and easy to understand, and demonstrate how our community can become compliant very easily.
The crux of the workshop looked at the different legal basis that venues can use in order to process their customers' data.
There are six in all, but we only covered three which were:
- Performance of Contract
- Legitimate Interest
Once you identify the legal basis that you will use for the different data processing activities you carry out, you will need to document this in your Data Processing Audit. That’s Step 1 done for beginning to be GDPR compliant (see we said it is fairly straightforward).
Step 3 (and the final step): review this process regularly. We recommend a review every 6 months or so, and be sure to record what was discussed and pop it into your GDPR file. This way, you can evidence that GDPR is an ongoing process within the organisation. There you have it. GDPR broken down into 3 easy steps; the simple version.
There are, of course, other areas such as PECR, 3rd Party Data Sharing and so on, but we these three steps you’ve made a good start.
If you want advice or just to bounce a few ideas off us, please get in touch and we will be more than happy to chat through things with you.