Easier said than done……larger companies will benefit from deploying an application like One Trust which will enforce a structured approach and a auditable trail of the changes over time.
Smaller companies might consider a DIY approach which can be successful as long as a nominated detail conscious, documenting individual is made responsible for data privacy with access to the appropriate template set.
He/she also needs teeth and the ear of senior management when swift action is required to close down identified GDPR Risks during BAU or Change Management activities across the business.
Of course complacency may set in over time so refresher courses for new staff and those changing role are required, along with reminder posters thoughtfully placed in communal areas or noticeboards in corridors.
Line managers should also be vigilant with an eye on a team’s processes and to ensure compliance with documented standard operating procedures especially where confidential or sensitive personal data is being processed
