Your step by step project plan to GDPR readiness

Allison Wooddisse, Head of In-House and Compliance, LexisNexis, considers what is on the horizon in relation to data protection and the GDPR for 2018 and what should be top of your to-do list right now on your journey to GDPR readiness.

Data protection. What happened in 2017? It's probably easier to say what hasn't happened.

At the time of writing, we still haven't had final guidance from the Information Commissioner's Office (ICO) on consent under the General Data Protection Regulation, Regulation (EU) 2016/679. Nor have we had detailed guidance on the scope of legitimate interests, direct marketing under the GDPR, and lawful processing. There’s also great uncertainty about whether the ePrivacy Regulation (currently in draft form) will be finalised and in force to coincide with implementation of the GDPR.

What are the practical implications?

It’s extremely difficult for organisations to draft their privacy notices and policies in readiness for the GDPR. This is because privacy notices and policies must state the lawful ground on which data is processed.

Many organisations will wish to move away from consent as the default ground for processing personal data, because the GDPR raises the bar for the standard of consent. ‘Legitimate interest’ is an attractive alternative ground for processing, but the only available detailed guidance predates the GDPR.

Key steps to action now.

The good news is, there are practical steps you can take today to be ahead of the game.

Before preparing a privacy notice or policy it is critical that you comprehensively identify what data you process, why and how.

Armed with this information, you can then form a preliminary view on the most appropriate ground for each processing activity, including legitimate interests and consent. Then, and only then, can you draft your privacy notices and policies. Helpful tools to consider include a


About the author:

Louisa leads marketing for the in-house legal community at LexisNexis. She joined the dedicated in-house team at LexisNexis four years ago and has a passion for driving and facilitating initiatives which are customer-focused at their heart. Her vision is to help in-house counsel succeed in their fast-evolving role based on deep insight, data analysis and best practice gathered across the in-house community.

Prior to her in-house focused role, Louisa led the marketing for the bar and mid-market private practice sectors and was product marketing lead for LexisPSL – LexisNexis’ cloud-based practical guidance and legal research software solution.

She brings 20 years’ marketing experience both client and agency side, specialising in B2B marketing in the Legal, TMT (Telco, Media and Technology) and Financial Services industries in South Africa, Europe and the UK.

Louisa is also an active member of the LexisNexis Gender Equality Matters (GEM) steering committee and is involved with the Families at LexisNexis Group, which brings together, supports and lobbies for change for those with an interest in balancing the challenges of work and family.