
ICO Registration - Next Steps.

Tagged with ICO Data Protection, ICO Letter, GDPR HELP, GDPR ADVICE, GDPR, ICO, ENFORCEMENT, OPTINDGIO, ICO FINE, ICO ENFORCEMENT, GDPR FINE
by Adam Brogden
in Blog

02-Jan-2020 12:17

The ICO requires you to register with them and also to ensure that your company meets the rules of the General Data Protection Regulation (GDPR). These rules are based on a set of EU-wide articles and literally hundreds of pages of detail.

GDPR describes how a company must handle personal data, including how it collects, stores and processes that data. GDPR also defines how companies must respect the rights of the individual and respond to any requests. GDPR is complicated and there is very little guidance on what companies actually have to do to be compliant. If you run a small company then creating an account at optindigo.com and registering with the ICO is a good first step, but there is more to do.

For more information about ICO registration take a look at our ICO Registration page: ICO Registration Quiz

Generally speaking you need to create a set of policies and procedures that demonstrate compliance with these GDPR rules. This is no mean feat! We can help. Our optindigo.com platform is designed to take companies through the GDPR compliance process as quickly and easily as possible. Call, chat or email us now to get started.

The following gives you a taste of what is required…

Raise awareness across your business

Make sure key people and decision-makers are aware of GDPR. This might be pretty simple in small companies and for sole traders, but in bigger companies the need to complete GDPR work has to be recognised at the highest levels, so that senior management understand the potential impact, identify the areas that require attention for compliance, and allocate funds and resources to start work.

Audit all personal data

This is one of the most difficult areas. GDPR is all about data, and about putting in place the processes and technology to protect that data and the rights of the person. You need to start by documenting what personal data you hold, where it came from and who you share it with. The GDPR makes organisations responsible for proving they comply with the data protection principles, for example by having effective policies and procedures in place. The optindigo.com pack includes a set of useful templates and pre-filled forms to help you do this more easily.

Update your privacy notice.

This is probably the most important task of all. When you collect data from anyone you need to tell them why you are collecting their data, what you plan to do with it, how you will keep it safe, who you will share it with, and so on. You define this in your Privacy Notice, which is usually a document or web page that you make available to the person at the time you collect their data. If you haven't done this already then do it now! If you need help there is a Privacy Policy only option in our pack list.

Review your procedures supporting individuals’ rights.

The key thing here is to make sure you have the procedures in place so you can comply with, for example, an individual's request to provide them with the data you hold on them electronically and in a commonly used format.

Under the GDPR the main rights of individuals are the rights to:

  • subject access
  • have inaccuracies corrected
  • have information erased
  • prevent direct marketing
  • prevent automated decision-making and profiling
  • data portability (as per the paragraph above)

You need to have processes in place to prove that you can respond to any such request. These processes are documents which describe how you handle a request. Optindigo has documents and online management tools to help you.

Review your procedures supporting Subject Access Requests.

SARs are a pain in the head! Depending on the type and size of your organisation, subject access requests could generate a logistical and administrative nightmare for many businesses. Under the new rules you have to respond to any request, you cannot charge for complying with a request, and you have just a month to comply. The rules are complicated, but you need to have policies and procedures in place to demonstrate how you comply. More documents, I am afraid, but we can provide these for you.

Identify and document your legal basis for processing personal data.

Under the GDPR you need to have a lawful basis to process any personal data. There are only a few valid options, and you need to document how you comply. Individuals' rights can vary depending on your legal basis for processing their personal data, so you need to understand the various types of data processing you carry out, identify your legal basis for each, and document it. This is vital and just a little complicated, so our Legitimate Interest Assessment forms will help.

Review how you seek, obtain and record consent.

If you want to send marketing information or share a person's details with a third party you may well need their explicit consent. If you have decided to use consent as your lawful basis to process their data, make sure it meets the standards required by the GDPR. If not, alter your consent mechanisms or find an alternative to consent. The GDPR is clear that data controllers must be able to demonstrate that consent was given, so you may need to review the systems you have for recording consent and ensure you have an effective audit trail. Here at optindigo.com we will review your consent mechanisms for you and help keep you safe.

Review the data you hold on children.

For the first time, the GDPR brings in special protection for children's personal data. So if your organisation collects information about children under the age of 13, you will need parental or guardian consent to process their data lawfully. This is a very sensitive area, so call us anytime to discuss.

Establish procedures to detect, report and investigate a personal data breach.

The GDPR requires that all organisations notify the ICO of any data breach where the individual is likely to suffer some form of damage, such as through identity theft or a breach of confidentiality. So you need to set up processes to detect, report and investigate breaches. Note that failure to report a breach could result in a fine, on top of a fine for the breach itself. However, our advice is that if you think you have had a breach, call us first. There are rules about what sort of events you have to report, and we may well be able to get you out of trouble.

Review your processes around Data Privacy Impact Assessments (DPIAs).

You may be required to carry out a privacy impact assessment (PIA, called a DPIA under the GDPR) in a high-risk situation such as a new technology deployment, or where operations are likely to significantly affect individuals. This is not required for most companies, so fingers crossed it won't apply to you! It is a complicated and technically difficult task, but we can help if you need it.

Appoint a Data Protection Officer (DPO).

If your organisation employs 250 or more people, is a public authority, or is involved in the regular and systematic monitoring of data subjects on a large scale, you should appoint a data protection officer. The DPO should take proper responsibility for data protection compliance and have the knowledge, support and authority to do so effectively. Here at optindigo we offer a Virtual DPO service: we can act as your DPO if you need one. Call us to discuss.

Compliance with these regulations will result in a set of documents, policies, procedures and staff training requirements, and possibly changes to the way your company works. This sounds like a lot of work, but it is not optional. Failure to comply could result in a huge fine from the ICO. Don't risk it.

Call us now.

Good luck all.
