With all the recent media attention it has been impossible to avoid GDPR, but despite this many businesses are still ignoring the need to update their policies and procedures. It has been almost 3 months since the General Data Protection Regulation (GDPR) came into force, but here at Stephens Scown we are still seeing a number of businesses with out-of-date privacy policies on their websites.
From discussions I have had with the business community in recent weeks, there seems to be a lot of complacency that if you are not a big company like Facebook or Google then you don’t have to worry about GDPR, but unfortunately this is not the case. Here at Stephens Scown we have seen a marked increase in the number of enquiries we receive from individuals concerned about their privacy rights since May, with all the publicity that GDPR has received. Individuals are now acutely aware of their data protection rights and are getting more savvy at enforcing them. We have also seen an increase in the number of businesses receiving subject access requests under GDPR, whether it be from disgruntled employees or recipients of marketing emails. Many businesses have found these requests difficult to respond to, particularly if they have not updated their privacy policies.
2. Your policy does not state who the data controller is
3. Your policy does not mention the legal bases you are relying on to process personal data
4. Your policy does not inform individuals of the various rights they have under GDPR
5. Your policy does not cover international data transfers
6. Your policy states that you do not share personal data with third parties (this is unlikely to be true when you use external hosting or software providers)