Organisations should put in place measures to ensure they meet their responsibilities under GDPR. The measures should be designed to minimise the risk of a data breach and ensure data is processed lawfully. GDPR applies to both electronic and manual record keeping. Many companies have overriding Data Protection policies which should be reviewed to ensure they comply with GDPR.
Showing you have considered and implemented appropriate Data Protection processes is a key principle of GDPR.
It is crucial that new staff understand their responsibilities regarding GDPR and therefore training should be provided. Documenting policies and processes to ensure best practice is maintained across the organisation is key.
Information security – both manual and technical – is paramount in ensuring data is not at risk. Any breach can be very harmful.