Getting GDPR Ready
The European Parliament has announced one of the biggest changes in data protection - the General Data Protection Regulation (GDPR) - a legalisation which is likely to impact you and your business on 25th May 2018.
Whether you are a sole trader, SME, or a corporate business, GDPR requires any organisation that collects, holds or uses citizen’s or staff’s personal information to be compliant. Any organisation that does not safely and securely manage people’s personal data can land themselves with a substantial fines and can give individuals the opportunity to file for compensation.
Frequently asked questions on GDPR
What is GDPR?
GDPR is designed to harmonise data privacy laws for UK and European citizens and businesses, improve the privacy of citizens, and reform the way businesses approach data privacy. The legalisation will result in fairer treatments for citizens when disclosing their personal data to businesses.
Will my business be affected by GDPR?
Any business that holds information enabling an individual to be identifiable will need to have GDPR in place. As the majority of businesses hold data on individuals, it will impact day-to-day operations and some organisations may need to implement a new data protection programme to be compliant.
One way of identifying whether GDPR is applicable for your business is to consider how often you deal with personal data from customers, staff, suppliers and previous employees. For instance, if your business handles personal data on a regular basis you should follow GDPR. The Information Commission Office (ICO) has announced if a business is following the Data Protection Act (DPA), then it will also be affected GDPR.
What does the legalisation mean for our customers?
Prior to the legalisation being implemented, individuals were not able to have a say on how their personal data was held, nor have the right to withdraw consent at any given time. For example, if an individual requests to withdraw from an email list, their details must be erased and not kept on file in the deleted mailing list folder. The EU has realised the importance of data for companies, but have recognised that there is no equality as authority lies mostly with businesses.
What if a business does not comply with the data changes?
Once the framework replaces the Data Protection Act (DPA), GDPR is going to inflict expensive penalties on businesses who are not adhering to the law. Any business that does not adhere to the regulations can land themselves with fines up to 4% of their global turnover or 20m euros (£15.8m), whichever is greater.
What do businesses need to do to be GDPR compliant?
The new conditions mean all SMEs will need to justify how and when an individual has given them consent to store and use their personal data. Once in action, SMEs will have to explain precisely where the personal data is stored, whether it be on a computer, laptop, servers, or on software programs and accurately explain how removal of data is executed.
Will my business need a Data Protection Officer?
Authorities have stated a Data Protection Officer will be compulsory for any business that has over 250 users. The position will appoint an individual to manage, control and process necessary security protection tasks and inform other stakeholders, plus online search engines, to remove online content.
What should a business do when a data breach arises?
Companies will have to up their security measures to reduce the chance of a data breach, as GDPR obliges companies to report any data protection violations in 72 hours to the necessary authorities. Moving forward, GDPR will put greater emphasis on recognising when a breach has occurred and putting an incident recovery plan in action to deal with the consequences.
My business needs to be GDPR compliant but I’m not sure how to implement the systems and processes required
Understanding GDPR is a necessity for the majority of businesses, but having an individual who is responsible for managing the issue safely and securely in your business is another complication. Primarily, the new legalisation will be most problematic to SMEs, as without the right tools smaller businesses with less staff and fewer free time available will be running into trouble.
For many businesses a robust and structured plan will need to be implemented to be compliant with EU changes. It may seem a complex task, but if it is carried out efficiently success can happen.
If the thought of putting in place your own GDPR plan seems a daunting task, Netpoint Solutions is here to help you through the process.
How Netpoint Solutions can help
Netpoint Solutions can help your business in becoming GDPR compliant
Your IT systems only account for around 20% of the GDPR regulations. Unlike many IT companies we are working with Certified GDPR Practitioners to help your business become fully compliant in all aspects of GRPR, not just the IT related areas.
- Find out what your GDPR requirements and obligations are via a GDPR assessment
- Cyber Essentials is seen as a minimum requirement for GDPR, we work as standard within the Cyber Essentials framework and can help your company become certified
- Many businesses require a Data Protection Officer due to the personal data they process. This can be outsourced to our Virtual DPO Service
- COMING SOON - our 'GDPR Compliance Tool Kit' will help your business implement the policies and procedures to become compliant
In preparation for GDPR businesses are recommended to implement systems that will make them compliant with the regulation well in advance of the 25th May 2018 deadline.