The Information Audit
Where to begin when it all feels like a bit of a minefield? We’ve devised 4 simple steps to get you started, although it can always be useful to look at the ICO (Information Commissioner’s Office) website for more detailed information. This is also covered in our overall guide to GDPR.
Step 1) Understand the data your company holds
Simply start by compiling a list of all the core/key processes your company has, for example: new sales, managing payroll for employees, sending marketing updates to prospects, etc.
Sometimes we find this easier if you physically map through the core journeys your customers, employees and prospects have with your organisation. Grab a large piece of paper and plenty of coloured pens (we often use brown paper rolls, which can be purchased from Amazon).
Step 2) Where does your company store this data?
Once you’ve identified and mapped the core processes, you can start compiling a list of all the different systems and places that you use to either store or process data. These can be used to process sales, contact employees, send emails or communicate with clients.
Using both these documents, you should be able to define a complete list of what information is stored where and whether consent has been provided. Remember to make a note of all personal data (personal data is data that can identify an individual):
- Identifiable information such as numbers
- Factors specific to a person’s physical, physiological, mental, economic, cultural or social identity
Step 3) What is the data used for and why?
Understanding what the data is used for is a crucial part of the audit. It’s important to check with all areas of your business what they are using and for what purpose.
As an example, is it important to keep a record of a client’s previous address if they have moved recently and, if so, for what purpose and for how long?
“It’s used for staffing requirements,” your HR person might answer, but will forget to mention it’s also used for programme management, forecasting, and analytics. Finance might also add a few more systems to your list, since they will include the data warehouses and analytical tools they use.
You will need to know every bit of data, where it is stored, for what purpose and for how long. It’s that simple.
Step 4) Who has access and responsibility to your data?
Now that the list of systems and data usage has been identified, you should record who currently has access to it and why.
You may find it helpful to complete the self-assessment checklist provided by the ICO as a first step once you’ve done the quick audit.
You can find out more information on what data GDPR relates to on the ICO website.
Whilst the simplified audit above is only the start of the GDPR process, it will provide you with a far clearer idea of what you’re dealing with and where your key priorities in terms of compliance may be.
If you are in any way concerned about how GDPR will affect your marketing strategies, talk to Fresh Nous. We have worked hard to ensure we know precisely how the changes in regulations will affect marketing, and we’re here to assist by helping you to plan effective, compliant campaigns.