UK Data Protection Toolkit Implementation Guide
5 Ensuring compliance with the UK GDPR Given that data protection is not a new concept and the original Data Protection Act 1998 had been in place for twenty years, it is unlikely that you will be starting from nothing when working towards compliance with the new UK data protection legal framework (unless of course, you are a new start-up). This means that the emphasis will be more on improving what you already have and filling the gaps in those areas where the UK GDPR introduces something new. But many will see this as an opportunity for a major review and possibly overhaul of the way that they collect, hold and process personal data; a chance to get better acquainted with how their business works and build some extra benefit into what is otherwise a straightforward need to comply. That is possibly where the real value of the UK GDPR lies. This section gives guidance about what to consider when approaching the UK GDPR, in the approximate order in which the steps might be approached (although this does depend on where you are starting from). The sections correspond to the folders within the Toolkit and explain how each of the documents within that folder may be used, and the key tasks involved in each step are listed.
5.1 Step 1: Preparation project Relevant Toolkit documents: • • • • • • • • •
Project Initiation Document Project Plan (Microsoft Project Version) Project Plan (Microsoft Excel Version) Documentation Log UK Data Protection Briefing Presentation Executive Support Letter Compliance Evidence Meeting Minutes Gap Assessment Tool
Key tasks: • • • •
Perform a gap assessment Get senior management behind you Define, plan and initiate your project Get your documentation organised
The first step to complying with the UK GDPR is to understand how much of it your organisation already does anyway. In order to quantify how much additional work may be involved in getting to full compliance, a Gap Assessment Tool is provided within the Toolkit. This summarises the key points of the relevant sections in question form and is intended to give you a reasonable idea of where your compliant and non-compliant areas are. Roughly www.certikit.com
Page 19 of 31
