What does an organisation need to consider?

Question:
What does an organisation need to consider?
Answer:

The first step is to carry out an information audit to find out what personal data your organisation holds and where it is. You should then know:

  • What kind of data do you process? For example, do you process special category data that requires a high level of security?
  • Who processes that data? Who within your organisation processes and has access to data? Are they aware of their responsibilities? Do they need training?
  • How do you keep data safe? What systems do you use? If you keep information internally, is it kept somewhere secure? If you use electronic systems, what are their security arrangements?
  • How do you process consent? Are people aware of what information you collect about them, and do they give their consent for you to do this?
  • Why are you collecting that data? What is the purpose for collection? If this is understood then it will be possible to identify the lawful basis for collecting data. This may require the consideration of a legitimate interests assessment.