If you hold personal information about your customers, your suppliers or your staff on a computer or other electronic device or in some sort of indexed filing system, you have to get to grips with changes to Isle of Man data protection legislation which will be coming in on 25 May 2018.
If you hold such information, you will be a data controller and there are eight key things you need to do by the end of May.
One - Map out what data you process and for which categories of people.
Two - Use this data map to develop Privacy Notices so that you can tell the people about whom you process data, in a very transparent way, what information you process about them and why.
.jpeg?width=209&height=140&crop=209:145,smart&quality=75)
Three - Obtain consent from the people that you need it from to keep on using their data. You probably don’t need consent for everything you do with data but if you do, you need to be able to clearly demonstrate that you have it.
Four - Consider what data you actually need so that you can keep your data to a minimum.
Five - Know how long you need to keep the data for and don’t keep it for any longer.
Six - Consider how secure the data that you hold is which means assessing the physical and technical security around your data.
Seven - Think about where you send the personal data that you hold. If you send it to another country, you need to consider whether the country you’re sending it to has similar data protection standards to the Isle of Man.
Eight - Educate any staff you have through training and having a data protection policy. Make sure they know how to report a data breach and how to handle a request from someone to see their data.
Accountability is a key focus in GDPR so if something goes wrong, it will be important for you to show that you took all the steps that you could to safeguard the data and protect the person’s rights and freedoms. Use the free resources as much as you can, including the guide for small businesses that the Information Commissioner has recently issued, and if you do need a hand, DQ has a team of accredited data protection practitioners to assist.