Are you GDPR ready?
There have been a number of articles in the business press about GDPR in recent months but you may, like us, have been feeling confused as to what exactly it is and how it will affect your business. We have therefore put together this basic guide to help you understand the implications.
What is GDPR?
The General Data Protection Regulation (GDPR) brings data protection rules throughout the EU more or less into line with each other. The UK’s Data Protection Act of 1998 will now be superseded by this new legislation. Businesses that are not compliant could face tough fines.
This new legislation comes into force throughout all EU member states on 25th May 2018.
How will it affect you?
Data controllers (the company or person stating how and why personal data is processed) and processors (IT firms, for example, that process the actual data) now need to abide by these new rules.
Controllers will need to ensure that personal data is processed in a lawful, transparent manner and disposed of once the purpose has been fulfilled and the data is no longer required.
Consent must now be given in an active manner rather than through pre-ticked boxes or opt-outs. Controllers need to keep a record of how and when individuals gave consent and be aware that individuals can withdraw their consent at any time.
What constitutes personal data
- Name, address, date of birth, etc.
- IP addresses
- Economic, cultural and mental health info
- People can ask at reasonable intervals to view the information stored about them
- Individuals can request the “right to be forgotten”, which means that they can demand that their data be deleted if it is no longer needed
How to be prepared
You will need to think about the types of information you hold on file. Do you hold payroll information? HR information? Send out newsletters?
Once you’ve determined this, you need to make an action plan that lists where you hold the data, the types of data, how it is used (is it passed on to others?) and when it could be disposed of. Once you have done this, you need to action your plan. It could be as simple as setting up a diary reminder to check through this information once a quarter or once a year, or something more in-depth.
Sphere Data Protection
This is such a vast subject that we are partnering with a GDPR expert. Kim of Sphere Data Protection has produced this factsheet, which should answer your initial questions in detail. Kim would welcome an initial chat on the phone to discuss your data protection requirements and preparation so far. Sphere Data Protection have devised a series of DIY tools and support interventions for small businesses to carry out the necessary steps and stages to GDPR compliance.
They also offer half or full-day group training, which can be delivered to key data users within a Practice, or to multiple representatives within and across a group of companies who come together to collectively explore their GDPR requirements (this has the advantage of providing cost efficiencies for the small businesses involved and enables co-working for best practice going forward).
You can book a call with them and also access free information about GDPR on their website https://spheredataprotection.com/contact-us
We do suggest you take this seriously, otherwise you could land a fine of 20 million euros!
Our Virtual Assistant, Nuria, has been very hard at work helping Kim produce the GDPR toolkits, so if you need some help implementing your GDPR processes, do email email@example.com for assistance.