1. Understanding obligations

The most important aspect of ‘Being Aware’ is to appoint a responsible person to drive GDPR compliance, to raise awareness of risks, to identify training requirements and to implement processes such as how to respond to data subject rights requests and data security breaches.

It may not be expected, nor desirable, that everyone in the firm would take responsibility for responding to a data subject rights request or data breach, but it is important that every staff member knows what these events look like so that the matter can be promptly referred internally to the appropriate person.

Awareness is an ongoing obligation, and refresher training is required to keep staff up to date with, and conscious of, requirements.

Checklist

  • Has a person with appropriate seniority been appointed to drive GDPR compliance in the firm?
  • Are staff aware of data protection requirements?
  • Are staff aware of the consequences of failure to comply with data protection requirements?
  • Have staff completed appropriate data protection and information security training?
  • Are your staff able to recognise and appropriately handle a data subject access request?
  • Are your staff able to recognise and appropriately handle a data security breach?
  • Are staff trained in data protection matters?
