Now you have registered for the year and have taken the first step to complying with the law, what are your next steps?
Thank you for completing your registration with the Office of the Data Protection Authority. This is the first step to complying with data protection law.
Get to know the law
Read up on and increase your own understanding of the Law, especially the areas most relevant to how you handle data.
Tell your team
If you have a board of directors or management team, make sure understanding of and compliance with data protection law is firmly on their agenda and that they know they are responsible for it.
Get to know your data
Treat the data you process as you would any other item of value.
Take an inventory - What do you have? Where is it? Who has access to it? What are the policies and procedures around it? A comprehensive data audit like this is fundamental – you cannot adequately protect data if you do not know what data you control or process. This is the most useful step you can take.
Document what you do
Determine, and document in your Data Processing Notice, which lawful processing conditions you rely on for each area of processing. Consider that you are likely to be using different conditions for different purposes.
Check that you are doing it right
Look at each data collection point you have and ensure you are fulfilling your legal obligation to provide detailed information about the processing to people (for example, publishing a data processing notice or policy on your website). If you are relying on consent, check that the method you’re using meets the standard required under the law.
Raise awareness in your organisation
Ensure data protection is covered in your staff contracts and handbook and hold regular awareness-raising activities with all your staff.
Make sure that all your staff understand their responsibilities and understand what individuals’ 10 rights are.
Put safeguards in place
Ensure you have appropriate security and safeguards around all your data, both electronic and hard copy.
Understand breach reporting
Consider who you share data with
Review all relationships you have with third parties where data is involved. Review and update the contracts you have with them.
Maintain your annual registration with the ODPA.
Be sure to renew your registration each year to remain compliant with the law.
Focus on the accountability principle
Consider how you will demonstrate that you are taking responsibility for what you’re doing with people’s data. This applies both for internal governance purposes and in case you have to respond to a complaint from the public or an enquiry from the ODPA.
Visit our Beginners’ Area for more information.