It is the 24th May, GDPR is tomorrow and you are not ready...
Like your math homework at school, even if you don't always get the right answer you can get marks for showing your workings. For me this will apply to GDPR also, so if you have not yet done all you need to do consider the following and start to take action today to be able to demonstrate some of your workings towards compliance.
Have you informed your staff what GDPR is and what they should be looking out for, especially in relation to Data Breaches and Subject Access Requests. If not point them at this article Visualising GDPR for them to quickly get an overview.
If you have not by this stage got appropriate consent (where consent is needed - see below), then stop sending marketing emails to your customers as you will risk receiving a fine.
Legal Basis & Consent
Consent is only one of 6 Legal Basis, decide where you need to use Consent and work towards getting this in place as soon as possible. GDPR Mentor can help you document what is your Legal Basis for processing.
Once you have information how long do you need to keep it for, as GDPR states you should only keep information as long as is necessary. GDPR Mentor can help you document your retention policies.
Data Processing Agreements
You need to have agreements in place with third parties that you share personal information with, GDPR Mentor can generate Data Processing Agreements for you.
Records of Processing
You will need to understand and document all your processes where you are processing personal information, platforms such as GDPR Mentor can guide you through this process, as well as demonstrating your knowledge and producing much of the documentation you will require. Request For Information to find out more, or sign up at GDPR Mentor App