How do we maintain compliance?

Once we are confident in our ability to demonstrate compliance with the UK GDPR across our whole organisation, we need to implement plans to maintain this.

Many organisations did some work in advance of the GDPR in May 2018 but then treated it as a completed project. This approach has meant that data protection risks have gradually increased over time.

There are a number of tools and techniques which can be helpful in maintaining compliance over time:

  • DPIAs
  • Triggers document
  • Data protection on every meeting agenda
  • Data protection by design and by default – implications for agile and waterfall projects
  • Nomination of a data protection officer (DPO) or data protection lead
  • Continuing professional development (CPD)
  • External help