The clock is ticking for GDPR compliance
On 25 May 2018, GDPR – the General Data Protection Regulation – will apply across the EU, affecting every business that processes the personal data of people in the EU, wherever that business is based.
The legislation protects the general public and the personal information they provide and expect to be kept safe. GDPR is the biggest shake-up in data protection law in over two decades, replacing the 1995 Data Protection Directive.
Facebook has rarely been out of the news recently, with Mark Zuckerberg, CEO of Facebook, directly in the media spotlight. Zuckerberg is being publicly reprimanded for past business decisions that allowed personal information about members of the public to be shared without their knowledge, including private information they would never have chosen to share or even voice to others.
GDPR is therefore set to force sweeping changes on companies like Facebook in how they collect, store and share data, giving individuals more control over what happens to their personal information. GDPR will regulate what companies can do with personal data, from the biggest corporate giants to the smallest start-up businesses.
GDPR will require companies to give individuals transparent, concise and easily accessible information about how their personal data is collected, stored and used. Companies will also need to give individuals prompt access to the personal data held about them on request: under GDPR a subject access request must be answered without undue delay and, in most cases, within one month.
With just a month to go until GDPR applies, even the smallest companies need to ensure they are compliant as soon as possible. Research shows that 90% of small businesses are not ready for GDPR.
Very few businesses are outside GDPR altogether, and the concessions that do exist are not granted on the basis of size, resources or capability but on the level of risk the processing poses. The main one is that organisations with fewer than 250 employees need not keep full records of their processing activities, and only then if the processing is occasional, is unlikely to put individuals at risk and does not involve special categories of data. Even if your business qualifies for this, and even if you only process a small amount of data, it is advisable to keep a high level of control over your personal data procedures and to keep proper records.
Some tips to ensure GDPR compliance include:
Tick off a GDPR checklist
GDPR places the burden of proof on the business: it is not enough to comply, you must be able to demonstrate that you comply. Businesses that cannot show they have the correct data protection procedures in place may face fines of up to €20 million or 4% of annual worldwide turnover, whichever is higher, so it is important to keep evidence of the measures you are taking, including:
✔ Research the legal framework that surrounds GDPR, including the lawful basis you rely on for each type of processing
✔ Keep a GDPR log or diary recording what you decided, when and why
✔ Map and classify your data – what personal data do you hold? Who has access to it? Where is it stored? Who is it shared with?
✔ Make sure the data subject's privacy is protected, including the right to be informed, to rectify and to erase data
✔ Identify and document the risks your processing poses to individuals, and carry out a Data Protection Impact Assessment where the processing is likely to be high risk
✔ Put a procedure in place for handling requests from individuals for their data, including how you will verify the requester's identity and meet the one-month deadline
Get certified under the government-backed Cyber Essentials Scheme
The Cyber Essentials Scheme helps businesses protect themselves against the most common cyber attacks by checking five basic technical controls: boundary firewalls and internet gateways, secure configuration, user access control, malware protection and patch management. On completion your company is awarded a certificate demonstrating that cyber security is taken seriously in your business. Certification is not the same as GDPR compliance, but it is good evidence towards the "appropriate technical and organisational measures" that GDPR requires you to have in place to secure personal data.
Alongside this scheme, we can also help you assess the other requirements you need to meet to ensure your business is GDPR compliant, such as:
- Assessing business risks
- Training staff
- Dealing with incidents, including the duty to report personal data breaches to the regulator within 72 hours of becoming aware of them
- Handling operational issues
In addition to this scheme, specialist legal advice is recommended.