Bookboon.com The best way to educate yourself

GDPR: 6 Tips for managers

So, you’re a little confused about GDPR? Have no fear, many managers are. As with most laws, the ins and outs of the General Data Protection Regulation are less than straightforward. However, as a manager or business owner, it is important that you have a good understanding of what GDPR means for you, your business, your employees and your clients. That’s why we’ve put together 6 GDPR tips for managers.

What is Data Protection?

The General Data Protection Regulation (GDPR) is a regulation in EU law on data protection and privacy implemented in May of 2018. Data protection laws set out limitations on the categories of personal data which may be collected, under which circumstances that data may be collected, and for how long the data may be stored. 

Collecting personal data 

A great place to start is by understanding what “personal data” actually is. Personal data is any information that, directly or indirectly, relates to an identified or identifiable natural person.

GDPR tells us that someone’s personal data may only be collected for specified, explicit, and legitimate purposes, and not further processed in a way incompatible with those purposes.

Tip 1: Do exercise particular care in collecting and processing sensitive personal data.

Tip 2: Do not collect personal data without having established the purpose of the processing and the time period during which the purpose is relevant.

Tip 3: Do not collect personal data on a “nice to have” basis.

Satisfying Access Requests of Individuals 

If your company receives a request to share personal data, an objection to the processing of personal data, or to have errors in such personal data corrected, your company should respond either in the manner required by applicable law or one otherwise deemed appropriate with privacy offers.

Tip 4: Do provide information to individuals and respond to access requests to the extent required by applicable law or as otherwise deemed reasonably practical and appropriate in consultation with the VP Risk Management.

Ensuring Data Quality, Confidentiality and Security

It is very important that processed personal data be accurate and up to date. Personal data that is inaccurate or incomplete should be erased or corrected. 

Tip 5: Do keep personal data confidential, and implement a level of security appropriate to the risks presented by the processing, and nature, of the personal data.

Processing Personal Data by Third Parties

There are times when data can be shared. Personal data may be disclosed to third parties, such as your company’s subcontractors, partners, and affiliates, but only when there is a legitimate basis for doing so.

Tip 6: Do not disclose or transfer personal data, even to your company’s affiliates, without implementing appropriate measures, such as a data processing agreement.

Learn more about what you can do as a manager to ensure your organisation is in compliance with GDPR with our eBook The CEO’s Guide to GDPR Compliance.
