GDPR is the biggest change in data protection law since the 1990s.
For those who aren’t aware, the GDPR (General Data Protection Regulation) is a new regulation aimed at strengthening data protection for all individuals within the EU. And despite Brexit, UK companies are going to be affected by the implementation of the new law.
It is estimated that businesses in the UK aren’t properly equipped to deal with the new regulations, or are misinformed on what is required. However, with enough preparation and planning, you can ensure that your business is fully geared up for GDPR.
With that in mind, here are five things you need to know when preparing for GDPR.
- Understand what GDPR is
GDPR will replace the current Data Protection Act 1998 in the UK. The new law aims to enforce tougher regulations and fines for any business that holds the data of EU citizens. It also gives individuals more rights over their personal data and how companies use it.
The GDPR also aims to close loopholes in the current legislation that does not account for digital advancements that have occurred since 1998, such as cloud computing.
- Know when it comes into effect
GDPR will come into effect on 25 May 2018.
- Be aware of what data is affected
The GDPR has expanded the definition of personal data: anything that could potentially be used to identify an individual is now considered personal data. For some businesses, there won’t be a significant change in the data that’s affected. For many companies, the new definition will cover more of the data they hold.
To help your company prepare for GDPR, familiarise yourself with what type of data you hold and how much (if any) of this data will be affected. New additions to the data affected include:
Personal Data: Name and location data, but also online identifiers, such as IP addresses, mobile device IDs and cookies.
Sensitive Personal Data: Genetic data or biometric data, political or religious belief, health and sex life information, trade-union affiliations, and racial or ethnic information.
- Know that if something goes wrong, you could face massive fines
Formerly, only the data controller would be liable in the event of a data breach. However, under GDPR any business that encounters the data of EU citizens is liable, and you don’t have to be in an EU member state!
Data processors and data controllers are now equally liable for the security of their data, and can face huge consequences if they fail to comply. For example, companies can be fined 4% of their global turnover or receive a £20 million fine, whichever is greater!
Fines at this rate would be enough to cripple smaller businesses, so ensure you document and revise data processing agreements to meet the required standards.
- Equip staff and colleagues to deal with GDPR
As a liable organisation, it’s your responsibility to make sure that your staff and colleagues are well prepared to handle the demands of GDPR, so that you remain compliant whenever any data is handled.
It is worth considering training staff to ensure they’re familiar with the new regulations and the secure handling of the data. For example, you might want to employ a Data Protection Officer who will oversee your organisation’s data and will know how to respond in the event of a breach.
If you need any extra information or help getting equipped for GDPR, get in touch with us today. We can help your business reach its full potential.