ABSTRACT

Chapter 4 discusses how to apply the GDPR in your organisation. It starts by discussing how the legislation applies and the need to register with your Supervisory Authority (giving details of the UK system and the tiers of registration). Guidance on how to decide if you are a Data Controller or Processor is given, and the difference between the two roles is outlined. The chapter then goes on to discuss how to build awareness in your organisation. Using a case study, it takes the reader through understanding their information sources, analysing the flow of data, completing a Data Audit, managing the risks, keeping the data safe, responding to data breaches, sharing information, staff training, retaining and deleting data, and understanding the rights an individual has. The chapter concludes with a section on communication.