Malta Maritime GDPR Tips


  1. Audit and document your data flows – map all personal client data that enters and leaves your firm, and record where each set of data is stored, who can access it, and what risk each data source or transfer carries.
  2. Update and revise engagement letters and client communications – this also means updating your privacy policies and any GDPR-related agreements with clients covering data protection and their consent to be contacted electronically by the firm.
  3. Encrypt your devices and servers – enable full-disk encryption on every laptop, workstation and phone that holds client data, so that a lost or stolen device does not turn into a data breach, and make sure the servers (and the backups) where that data sits at rest are encrypted as well. Keep recovery keys somewhere other than on the device they unlock.
  4. Review how you transmit client data – look at every way client information leaves your laptops and PCs: whether your email is encrypted in transit, how you exchange files with clients, and whether moving to a document-sharing portal would remove the need for email attachments altogether.
  5. Clean up existing client data – only store the data you need for engagement and compliance purposes. If you’re holding out-of-date or unnecessary personal data, now is a good time to delete this and clear down your systems.
  6. Use 2-factor authentication for cloud apps – for every cloud app or service that holds client data, know in which country or region the data is stored, and make sure 2-factor authentication (2FA) is enforced for all user accounts rather than merely offered as an option.
  7. Train staff on good data practices – your whole practice should be up to speed on best practice when it comes to managing data, but GDPR provides an incentive to get formal training in place and to enhance your staff’s understanding of data security.
  8. New contracts for all employees – whether you run your HR in-house or have outsourced to a third party, do ensure all your employment contracts are updated to cover privacy and employment data under GDPR.
  9. Appoint a Data Protection Officer – GDPR sets no headcount threshold for this: appointing a DPO is mandatory where your core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data (or where you are a public authority). The 250-employee figure often quoted relates instead to the exemption from keeping records of processing activities. Whatever your size, there is value in defining the role, giving you a senior person to oversee the whole process and ensure the firm’s compliance.
  10. Have a clear plan in place – get your GDPR compliance plan in place as a matter of urgency, so you can clearly demonstrate that you’re taking action.