With GDPR rolled out across the EU, the first crucial step is to, if you have not done so already is to map not only where your data is currently being stored but also what types of data you hold. Undertaking a comprehensive data audit will help you ascertain which pieces of information need to be protected under the GDPR Regulation and which fall outside. More importantly you will need to identify:
- Do you have the proper consent to use this data?
- Is the data being used for the purpose it was collected?
- Who processes this data?
- Where is this data held?
- Who owns and is responsible for the data?
- Is the data appropriately protected?
- Can this data be ported?
- How long does this data need to be retained?