The GDPR deadline is 25 May 2018, so what have we been doing here at Clear Books?
We’ve carried out a full audit to ensure we know what personal data we hold, how we collect it, and what we use it for.
We’ve ensured we have an appropriate lawful basis every time we process personal data. This includes, when necessary, making sure we get consent from people, so we’ve added tick boxes where needed.
We’ve checked our security measures to ensure all the data we hold is safe.
We have updated our Data Protection Policies to make sure they are GDPR compliant, and ensured we have a clear Incident Management Plan for dealing with a data breach.
We have implemented a training programme for all Clear Books employees to make sure every member of the team understands how to keep personal data secure. This training has already started and will be ongoing to ensure data protection is always at the forefront of the team’s minds.
We have been reviewing contracts with third parties to check that those third parties are GDPR compliant.
We have been reviewing our policy around data retention, and as a result we have decided to archive and then delete data within closed accounts. We are aware that some customers will want to keep their data, so at the same time we have introduced ‘dormant accounts’, which give customers the option of preserving their data in ‘view-only’ accounts for a minimal fee.