What is GDPR?
The aim of the legislation is to allow people to understand and manage the personal data that organisations hold on them, by giving ‘data subjects’ more control over that data and by simplifying the law across the EU member states.
What does GDPR mean for my business?
If you hold and/or process any personal data of any kind, then you must abide by the legislation. The legislation supersedes the existing Data Protection Act 1998 and will apply to UK companies, regardless of Brexit. Not only does the legislation tighten up the rules considerably compared to the Data Protection Act, but the fines associated with non-compliance and failure to notify any breaches will dwarf those that businesses currently face.
If you fail to follow the basic principles set out in the legislation, the data protection authority in the UK – the Information Commissioner’s Office (ICO) – could issue a penalty of up to €20 million or 4% of your global annual turnover, whichever is greater. Should you fail to report a data security breach to both the affected parties and the ICO, then the fines can be up to 2% of your annual worldwide revenue, or €10 million, whichever is higher.
What do I need to do to become GDPR compliant?
In order to prepare for the legislation, you must know what data you hold, why you hold it, where it is held, what you do with it and how it is protected. If the data you hold is no longer needed or used for the purpose you initially collected it, then you must delete it.
In order to comply with the legislation as an ongoing activity, you must look at the way you collect data, why you collect the data and how you use it. There must be explicit consent from the individual to collect the data in the first place, and once you have stored the data you must then ensure there are robust processes in place as to how you deal with it – including deleting it once the intended purpose has been satisfied.
As a company, you need to understand your current position, identify where the gaps are, prioritise and make plans for addressing the gaps, and then implement the required changes to ensure compliance. After this point you need to ensure, as part of your day-to-day processes and procedures, that you continue to work within the legislation and are able to identify and act upon any breaches should they occur.
How can Service Thirteen help?
If you are looking for support to navigate your way through the process, then Service Thirteen can help. We can help you with assessments of your existing estate, processes, and data held, and then work with you through the journey of becoming and staying compliant.
Please keep an eye on our latest blogs for GDPR hints and tips, or do not hesitate to get in touch!