GDPR – Is YOUR Business Ready? A Message From ForrestHR

May 23, 2018

OVER the past month you’d be hard pressed not to have noticed emails pouring into your inbox from companies asking for permission to keep sending you deals, information and news about their brand and services.

Now with GDPR day upon us – Friday 25th May! – is your business ready?

The EU General Data Protection Regulation will replace the UK’s Data Protection Act on 25 May 2018 and the UK Government has indicated that GDPR will remain in force after Brexit.

This means that companies need to be transparent with how they hold personal data and to record what they do with it. Not only that, beyond May 25th companies will also need to maintain processes and data protection in a clear and coherent way.

Companies already compliant with the Data Protection Act should not find the transition difficult – but GDPR does set higher standards for transparency and accountability.

Consents previously obtained from individuals to use their personal data may remain in use if the way they were obtained is compliant with the new regulation. If not, consent will have to be refreshed.

What’s also new is that GDPR also grants an individual the right to ask a company for details of personal information they hold and then to request its deletion, alteration or place a restriction on how the information may be used.

Feeling concerned? If you’re in need of some last-minute help, we at ForrestHR can help in 3 simple steps to ensure you’re GDPR headache free!

1.    Assess & Analyse – Gap analysis and assessment carried out by our GDPR expert

This will identify how your business is currently placed to deal with the new data protection regulations. We will also provide detail on how to end any ‘data footprint’. Following the analysis and assessment, a report will be provided to the business detailing areas that require remedial action that we can also implement for you.

2.    Remediate & Implement

Ideally, this follows the “Assess & Analyse” step as the documents and processes will be now in line with those recommended to remedy the gaps that we have identified.  However, should you wish to cut out the Assess & Analyse option and go straight for the purchase of the ‘toolkit’ of appropriate documents, you are able to do so. Either way, our suite of documents will ensure you have everything you need to ensure you are fully compliant. Our documents will include an employee/worker privacy notice, employer’s data protection policy, client/customer privacy notice, data protection impact assessment for future data processing, procedure for dealing with subject access requests (SAR) plus many more!

3.    Monitor & Maintain

You now have everything in place, now what? Compliance with GDPR does not stop here. You need to maintain your revised processes and ensure you continue to strengthen data protection within your business.

You will need to continue with data protection impact assessments, deal, manage and respond to SAR’s and potential breach of personal data enquiries.

Is that headache coming back?! We recommend that you outsource these responsibilities and retain our GDPR expert to become your virtual Data Protection Officer (DPO) and deal with most data protection related queries on your behalf.

Each step can be purchased separately or sign up for all 3 at a discounted rate for a more cost-effective solution and most importantly removing any further GDPR anxiety.

For more information, please contact Sophie Forrest at ForrestHR: (T) 01892 548 156 (E), or visit