With a month to go before the 25th of May and GDPR coming into effect, there have been a lot of panicked people rushing to get organised in time. Well, there is no need to panic.

That was the message we wanted to take out on our two-week GDPR UK & Ireland Tour that took us to cities up and down the UK and Ireland, including London, Manchester, Wales, Dublin, Glasgow, Galway and a few others. Over 200 organisations attended the GDPR workshops; the feedback was really good, and we are delighted to have successfully demystified GDPR for our community!

The focus of the workshops was two-fold: ease the worry over GDPR and give everyone concrete steps to get themselves ready. Forget the GDPR scaremongering; our goal was to make GDPR clear and easy to understand, and demonstrate how our community can become compliant very easily.

The crux of the workshop looked at the different legal bases that venues can use in order to process their customers’ data. There are six in all, but we only covered three, which were:

  • Performance of Contract
  • Consent
  • Legitimate Interest

Once you identify the legal basis that you will use for the different data processing activities you carry out, you will need to document this in your Data Processing Audit.

That’s step 1 done on the way to being GDPR compliant (see, we said it is fairly straightforward).

Step 2 is updating your privacy policy. Your privacy policy needs to communicate what customer data you hold and on what legal basis you will be using that data. Furthermore, and perhaps even more importantly, you must outline how customers can withdraw from the holding and use of their data. This is your basic starting point, and you will certainly need to add more to your Privacy Policy. If you need more help, get in touch and we will be happy to lend a hand.

Step 3 (and the final step): review this process regularly. We recommend a review every 6 months or so, and be sure to record what was discussed and pop it into your GDPR file. This way, you can evidence that GDPR is an ongoing process within the organisation.

There you have it. GDPR broken down into 3 easy steps; the simple version. There are, of course, other areas such as PECR, 3rd Party Data Sharing and so on, but with these three steps you’ve made a good start. If you want advice or just to bounce a few ideas off us, please get in touch and we will be more than happy to chat through things with you.