Having completed my collaboration with GDPR Auditing Ltd to produce a guided Workbook that would see accountants through the processes to achieve GDPR compliance, I think it is time that I apply myself, or more particularly my practice, the Swan Partnership, to completing the Workbook and achieving compliance.
13 weeks to go
It seems appropriate to share this process with my Weekly Insight group. My day jobs include numerous writing and advice commitments – I am a sole practitioner, and director of four trading companies – so I have limited time to apply myself to GDPR. However, as of today there are just over 13 weeks until the GDPR formally kicks in on 25 May 2018 and, coincidentally, our GDPR Workbook is split into 12 steps, so I am going to complete one step a week.
Still sitting on the fence?
If you are still sitting on the fence on this issue, I invite you to join me. Admittedly, I have a vested interest in your doing so, but my guess is the contents of this weekly post on my progress will provide a useful primer for firms that buy our Workbook today and complete the program in step with me.
STEP 1 – Assigning responsibility for GDPR Compliance
Tab one of our Workbook is described as “Data Security Owner” (DSO). Under the GDPR, someone needs to take responsibility for steering a business through the compliance process.
On the face of it, this is a simple decision for me as I am a sole trader and I have no staff. My choices are:
- Take on the role myself, or
- Delegate the role to a qualified third party
I considered approaching my IT support company, but now I know more about GDPR, I have a sneaking suspicion that I know more about the process than they do.
I could also ask my colleagues at GDPR Auditing to do the work for me, but this, quite rightly, would involve additional costs and it would defeat the object of this present exercise, which is to path-find the whole process for practitioners.
Most sole practitioners will find themselves in a similar position to me; larger practices may have a number of individuals who are suitable to take on the role. Before making a decision, make sure you read through the three checklists on sheet one of the Workbook, as these will guide you on the duties, qualities and responsibilities that a DSO will need to embrace.
Onward and upwards.
I have minuted that I will be the Swan Partnership Data Security Owner and I have applied myself to changing the “No” entries on my DSO checklists where appropriate.
The checklists are split into three sections:
- Duties on the DSO
- Qualities of the DSO
- Organisation's responsibilities
Some of the first section can only be completed when other parts of the process are completed, but I have managed to select “Yes” or “n/a” to most of the sections and this is a checklist that I will return to in due course.
I have spent no more than 30 minutes completing this part, thus far, and having saved my changes, will return to complete STEP 2 – my Record of Processing this time next week.
Feel yourself edging off the fence?