GDPR places responsibility on businesses and ensures they are accountable for protecting the data of their customers and employees.
The GDPR becomes law on 25 May 2018.
Does GDPR apply to my business?
If you collect, store and use personal data about your customers or prospects then GDPR compliance applies to your business. It’s reasonable to assume that your business is affected by GDPR unless you don’t keep paper or electronic files, don’t employ anyone, and have never made a sale.
What happens if I don’t comply?
There’s an upper limit of €20 million or 4% of your annual global turnover, whichever is highest. The authorities can also:
• Give official warnings
• Demand audits
• Request things are fixed by a strict deadline
• Force you to destroy illegal data
• Stop you communicating with you databases
• Stop data transfers to other countries
How do I become compliant?
Your first step is to investigate and analyse your existing IT systems to see how compliant they are. You can do it yourself or seek external support from IT experts
Your second step is to fix any issues if that’s possible. You may find you have to start again from the bottom up, it all depends on how well your existing systems support the new regulations.
• Access their personal data easily and fast
• Have any mistakes corrected
• Ask for their details to be removed under the ‘right to be forgotten’
• Stop getting direct marketing offers
• Stop automated decision-making and profiling
• Let people transfer their data from one controller to another with ease.
How do I ensure my IT systems are compliant?
The first thing to do is investigate your existing IT systems to check how compliant they currently are. You may be able to handle this internally or might need external expertise. You then need to deal with the gaps you’ve identified.
The more complex your system is, the more you might have to do to make sure it supports every aspect of business-wide compliance. Your first step is to start thinking about GDPR now, to give your company the time needed to get ready. Unless you are 100% confident you can handle it in-house, your second step is to find someone you can trust to give your IT an overhaul.
How can Cheeky Munkey help you achieve Compliant IT?
We are not GDPR experts but we are IT professionals. We can therefore help you by auditing your systems to identify any issues. We can then either fix any problems or recommend new systems that will be compliant.
We recommend the best first step to achieving IT compliancy for GDPR is to become Cyber Essentials accredited. If you could only do one thing, this is it. It helps you clarify your current situation and once passed it gives you a government backed official certification. This is tangible proof that you’ve been taking data security seriously.