CANDDi's data audit

GDPR (the General Data Protection Regulation) is the biggest change in decades to the way data protection works. It requires businesses and organisations to be upfront with people about what data they collect, and what they do with it. It also gives individuals new rights, like the right to request data about them is deleted.

One of best resources for getting started with your GDPR preparation is the ICO’s 12 Steps to Take Now booklet. The Direct Marketing Association also has a good set of resources online.

In getting ready for GDPR , first you’ll need to work out what categories of information you hold. At CANDDi, we hold the following categories of data: Data about the anonymous website visitors we track; data about our sales leads; data about our customers; extra data we’ve generated as a technology company, and data about our employees and contractors.

For each of these categories: we looked at: what the data means; what the basis of processing was; where we store it and how we retain it; who has access to it, and what we still needed to do in the case of each category to be GDPR compliant.

You’ll understand more after looking at our own CANDDi data audit.