As our recent GDPR compliance market survey showed, many in-house lawyers are not feeling confident about their organisation complying with the GDPR by 25 May 2018, a considerable number pointing to a lack of management buy-in.
Practical Law is continuing to update its existing suite of resources and publish a toolkit of new practical content designed to support in-house teams in their compliance efforts, including resources to help those conversations with the powers that be. I updated you on some new additions on this blog in early December. Since the new year, we have published further new content to draw to your attention:
- Standard document, Privacy Standard (GDPR version) is our new form data protection policy, tailored to comply with the GDPR, setting out the principles and legal conditions that organisations need to satisfy when processing personal data in the course of their operations.
- Standard document, GDPR accountability questionnaire for senior management provides senior management with a tool for assessing current levels of compliance and to help identify key areas of vulnerability to be addressed in relation to the GDPR. This resource may be of particular help in the challenge of focusing minds for those who are concerned about the senior-level complacency towards the GDPR identified in our survey.
- Standard document, Data protection impact assessment (DPIA) is designed to be used as part of a formal DPIA process to evaluate the potential impact of high-risk data processing activities, a key component of the new regime (under Article 35, GDPR).
- General Data Protection Regulation (GDPR) training materials provides a PowerPoint presentation with accompanying notes to enable counsel to present in manageable bite-size chunks to their colleagues on aspects of the new GDPR regime. This resource also has the potential to help with getting buy-in at senior level.
- Data sharing with suppliers under the GDPR: video in which Andrew Dyson of DLA Piper UK LLP offers guidance for ensuring that the necessary arrangements are in place when sharing personal data with suppliers to meet the requirements of the GDPR.
- Conducting a data audit under the GDPR: video in which Andrew Dyson of DLA Piper UK LLP provides advice on managing a data audit within your organisation and using its results to meet the requirements of the GDPR.
- GDPR Cross-Border Transfers Checklist outlines steps for commercial organisations subject to the GDPR to take when transferring personal data out of the European Economic Area (EEA).
- Preparing for the General Data Protection Regulation (GDPR) Checklist outlines the new requirements under the GDPR (compared with the Data Protection Directive) and sets out key process reviews businesses should undertake and strategies for embedding the GDPR’s requirements in business operations.
- Standard document, Record of Processing Activities Under Article 30 (GDPR) is a standard document counsel representing both controllers and processors can use to create the record of processing activities required by Article 30, GDPR.
We are continuing to work on updating existing content and creating new resources and will keep you updated via the weekly in-house email and this blog. You can keep track of the GDPR content pipeline across Practical Law by taking a look at EU General Data Protection Regulation: Practical Law coverage.