I found it surprisingly easy to register on the Information Commissioner Office’s website (ICO). Usually these Government type websites are inflexible and it is nigh on impossible to use.
I decided to take the opportunity of GDPR on 28 May 2018 to think about how I get, store, use and destroy information I hold on those people I am trying to get into work or those clients I am working with to upskill their teams in mental health and well being.
What I noticed about the ICO’s website is you can type everything in about your data processes so it’s absolutely clear to all stakeholders what happens to their data, their rights and obligations. Usually, it’s a ‘square peg and round hole’ scenario where you have to try to make generic drop down menus fit with your business.
In addition, I’ve introduced a full data information sheet which I issue to everyone and get their signature on a receipt index.
As an added measure, for clarity, I’ve introduced a digital recording system for all 1-2-1 meetings and an additional authorisation sheet is signed for this.
There is a lot of anticipation around GDPR. When you look at it as protection for your business, it’s not nearly as onerous as it first looks.