Paul Gudgeon

GDPR Workplace Preparation

(Resources posted are all recommended in ICO "Twelve Steps" document)

Before GDPR came into effect, I recognised that the business needed to become compliant to avoid issues of breaching data protection regulations. I undertook to plan the entire framework of GDPR for Edgware Academy.

There was little understanding of the need to become GDPR compliant. People who are not ICT oriented tend not to be cognisant of the importance of data protection and privacy as an issue.

Pointing out the requirement to seek active consent from data subjects, I was often greeted with the response, "Do we really have to?" It took some persuasion to reinforce the reality that active consent is mandatory to collect data. That included existing data subjects.

The same need for active consent applies to the cookies set when someone browses a corporate website. Some are advertising and tracking cookies, some are analytics cookies (how long did people stay?) and some simply help with navigation.

Our IP provider did not seem to be aware of this either.

When GDPR came into effect, the IP provider was quickly inundated with requests for consent widgets on websites and very rapidly our IP provider understood and moved towards GDPR compliance.

It was an interesting journey for me, because I do not think people were deliberately "resisting change". They could not understand what the need was. It was more a matter of comprehension than resistance. I was appointed as the DPO for the organisation.

Samples of GDPR deliverables

(The Data Breach Records database is a very simple Access database which records any report of data breaches, responses and whether the ICO and data subjects needed to be informed. You can download that and enhance it as you wish.)

That is a fair sample of the work I undertook to bring Edgware Academy into GDPR compliance. I will not publish proposed or live privacy or data security policies, because that is proprietary information. So in fairness, I cannot release that. There are plenty of examples out there for people who are interested.

Deliverables I produced through this process were as follows:

  • 01 Data Risk Register
  • 02 GDPR Data Audit (which also includes an analysis of process)
  • 03 Edgware Academy Privacy Notice
  • 04 SAR posters for staff awareness (Subject Access Request)
  • 05 Proposed Policy on Data Protection and Privacy
  • 06 Proposed Policy on Data Retention and Destruction (including electronic and paper)
  • 07 Subject Access Request (SAR) form
  • 08 Data Breach Database
  • 09 Proposed Confidentiality Agreement
  • 10 Email Structure Updated (An analysis of corporate emails and email usage)
  • 11 Proposed Data Protection Declaration
  • 12 GDPR How Edgware Academy Uses Your Information (An explanation for data subjects of why we collect data and what we do).

If you would like some help in controlling or checking your GDPR compliance, I would be happy to offer you some help. Contact me by email: pjg.gmem@gmail.com with your question / situation. I have been through the process of ICO "Twelve Steps".

It may interest you to know that, to this day, staff open bank accounts and references and payments and such on the staff PCs and leave them open for the whole world to see! As an IT person, I know that personal data should be valued by every individual and I believe that this should be taught at school level so that people can be prepared for a world that will gather personal data and use it.