The Information Commissioner's Office (ICO) has published a checklist entitled "Preparing for the law enforcement requirements (part 3) of the Data Protection Bill: 12 steps to take now".
The 12 steps that organisations should take are:
Check if the organisation is a Competent Authority under Schedule 7 of the DP Bill and that key people are aware that the law is changing.
Document what personal data is held, where it is held, where it came from, who it is shared with and who is responsible for it.
Identify the lawful basis for processing activity, document it and update privacy notices accordingly.
Ensure consents are up to date.
Review current privacy notices.
Check individual rights are covered by necessary procedures.
Ensure that the right procedures are in place to identify, manage and investigate a data breach.
The organisation should familiarise itself with the ICO’s code of practice on privacy impact assessments.
Ensure someone is designated to take responsibility for data protection compliance and assess where this role will sit within an organisation’s structure and governance arrangements.
Ensure logs of processing operations in automated processing systems are kept.
Review procedures for transferring or sharing personal data across borders.
If undertaking sensitive processing, ensure that the organisation is compliant with the requirements of the legislation, including having an appropriate policy in place.