AI Issue 4 2018 - John Harrison & Company

Acquisition International - Issue 4 2018 51 The countdown to GDPR: What it means for customer communications and how to prepare for the appointed hour Implementing a core team of IT, developers, legal and HR staff should be another priority. These are the people who can assist with understanding where personal data is held and if that data is protected by GDPR. Similarly, access to such data should be given only to appropriate staff and systems that need the data for work-related purposes. Data flows and mapping will help to ensure businesses understand what personal data they hold, where it came from and who it is shared with. Companies should review their current privacy notices and put a plan in place for making any necessary changes in time for GDPR implementation. Existing consents should be refreshed if they don’t meet the GDPR standard, and a full review on how consent is sought, recorded and managed should be undertaken. It is of the utmost importance that the right procedures are put in place for detecting, reporting, and investigating a personal data breach - you only have 72 hours to report a breach under GDPR. Individuals should also familiarise themselves with the ICO’s code of practice on Privacy Impact Assessments - as well as the latest guidance from the Article 29 Working Party. For all companies that engage in customer communication, these new, more stringent review systems are essential to operating under GDPR. With the 25th May deadline rapidly approaching, the time is now to prepare for these changes. Written by Johan Hybinette, Chief Information Security Officer at Vonage