GDPR is everywhere. It’s on your social media channels, it’s probably in your newspapers and it’s definitely in every marketing industry magazine or publication you subscribe to. There is simply no escaping the topic… it’s looming large and from May 25th 2018, it’s here to stay.
Given the avalanche of information on the subject, some of it conflicting and a lot of it confusing, we have waded through the seemingly endless material and compiled what we believe to be the most important points you should be aware of.
We appreciate GDPR probably isn’t your chosen topic of leisurely reading material, so we’ve condensed our findings into 5 minutes of reading time or less. We hope you find it useful.
- GDPR – What exactly does it mean?
GDPR is the acronym for its full title, the General Data Protection Regulation. The new regulation will ultimately replace the current Data Protection Directive of 1995. Its intention is to unify and enhance data protection for all individuals living within the EU. Doesn’t sound so daunting after all, right?
- Why is the existing Data Protection Directive being replaced?
At the time of writing, all existing EU member countries (28 of them to be precise) operate under their own interpretation of the Data Protection Directive. As you can imagine, that has led to an awful lot of differing interpretations of the same regulations. GDPR is being implemented with the aim of:
- Creating a single, unified regulation across the EU to ensure the multitude of interpretations are eradicated, leaving one clear set of instructions
- Giving citizens full control of how their personal data is acquired, stored, safeguarded and processed. It will also afford them the right to full access to their data, along with the option to amend and challenge the data companies hold.
- Updating and ultimately replacing the Data Protection Directive, taking into account platforms and technologies that have emerged since 1995, such as cloud and social media platforms.
- What is ‘Personal Data’?
Personal Data is defined by the European Commission as any information relating to an individual, be it personal or professional. This ranges from name and address details to financial information, email addresses, social media posts, medical records and even IP addresses.
- Who does GDPR apply to?
The impending GDPR regulations apply to pretty much all businesses, or at least any business or organisation that collects and controls personal data from EU citizens. That covers employee/staff data too, so all of your databases need to be scrutinised. Generally, the regulations will be applicable to:
- Any business that collects and controls the personal data of any EU citizen
- Any business that processes data on behalf of another business
- What are the penalties for breaching GDPR?
The financial implications for non-compliance can be eye-watering: 4% of your annual turnover or 20 million euros (whichever is greater).
- How can you prepare for GDPR?
- Make sure your IT processes and infrastructure are as secure as they can be to prevent any breach of security or data leak
- Be explicit and transparent about how your data is collected, what it is used for, how it is stored, who has access to it and where it goes if it leaves your organisation
- Ensure the data you hold can be securely deleted if someone requests that you do so
- Create a ‘data map’ detailing where all of your data is stored. GDPR also requires businesses to report any data breach to a supervisory authority within 72 hours
- Carry out regular and comprehensive checks on your data systems and processes
- If you have more than 250 employees, you will need to appoint a dedicated Data Protection Officer, if you don’t already have one.
So there you have it, GDPR in a nutshell. It can be a daunting task to prepare as best you possibly can, and for some smaller businesses IT resource may be in short supply. What’s important is that you are aware of the regulation changes and are pro-actively taking steps to ensure you are as compliant as possible. It won’t happen overnight and it will likely be a long and laborious process, but what you’ll end up with is a business that is compliant and, perhaps just as importantly, you’ll streamline and improve your data and security processes whilst doing so.
Thanks for taking the time to read this blog piece. If you need any further info or have an enquiry, feel free to contact us on the office number: 0118 474 888.