An important way of getting on top of GDPR ready for the May 2018 deadline is to know what personal data you hold, whether it is correct and up-to-date and how your organisation and third parties are processing that information.
For this, you can use an information asset register, as recommended by Alison Johnston, the Lead Policy Officer for Scotland at the Information Commissioner’s Office. In our recent interview with Alison, we asked her what exactly an information asset register is and how organisations can use one to keep on top of their data.
Normally when people think about assets, they think about IT equipment or the furniture that you’ve got in an office, but your personal data is an asset.
“Normally when people think about assets, they think about IT equipment or the furniture that you’ve got in an office, but your personal data is an asset,” Alison told us. “To use an example, if you’re a touring company you might have a mailing list. You need to know what data you’re holding and what you are doing with that mailing list.
“You’re also going to have your staff data. You might have volunteer data. If you’re running workshops, you might have workshop attendee data. These are all different types of data, and all different types of assets. And it’s really important to know where your assets are and what you’re doing with them, where you’re storing them and why you’re using them.”
Free marketing and research advice:
- Data to understand what’s unique about Scotland’s audiences.
- The groups you’re missing and methods to bring in more people like the ones you already have.
- Marketing messages that speak to the right people, at the right time.
- Reaching the people who would love what you do - if only they knew about it.
- The tools, trends and resources that will help you along the way.
How can an asset register help ME get GDPR ready?
In order to achieve this knowledge, you need to keep a record of what personal data you’re storing, which is where you can use an information asset register. In particular, if your organisation doesn’t currently know what personal data it is holding, then you should audit your data to find out what data you’re storing and whether it is up-to-date. You can then decide what data can be processed, cleaned up or removed in accordance with the GDPR legislation.
If you’re wondering where to start with your data audit, then Culture Republic can help you. Our GDPR resource hub has a template data audit, along with a step-by-step guide of how to complete it. This means you won’t miss any of the data you currently hold – even those stored in places you might not have thought about. If you get stuck, drop us an email or give us a call and we’ll go through the data audit with you.
We’ve also just added a third part to our data audit: a data processing record. With a data processing record, you can systematically detail how and where personal information is processed, both within your organisation and by third parties. Even if you have already completed a data audit, it is worth taking this final step so that everyone in your organisation knows how your data is being processed.
Become a partner
For just £200 a year, you get access to:
- Free Digital Impact Report that measures your website and social media activity against your peers
- Free monthly workshops and masterclasses to grow your audience and stay sustainable.
- Discounted day rate for any research or marketing consultancy you commission from us.
- Connection to a growing network of like-minded organisations with aspirations, ideas and plans just like yours.