GDPR – General Data Protection Regulation, Are You Ready?
Are you ready for GDPR? If not, you’re not alone.
At a recent event with a group of finance directors, over 90% didn’t know what GDPR is or how it might impact their organisations.
If you’re not already thinking about what you need to do to comply, then your business may be at significant risk.
The new General Data Protection Regulation (GDPR) is an EU-wide law that comes into force on 25th May 2018, replacing the current Data Protection Act, tightening data protection regulation and increasing the penalties for a data breach. Under GDPR the maximum fine increases to €20 million, or 4% of global turnover, and Brexit isn’t going to make it go away.
GDPR places stringent obligations on an organisation around the management and use of personal data – and data protection needs to be embedded into all your business processes and systems.
The requirements apply to both automated (IT) and manual systems, and businesses must demonstrate compliance with the key principles, including:
- Data must be processed in a manner that ensures security, protecting against unauthorised access or loss
- Data must be accurate, kept up to date, and not retained for longer than needed
- Businesses must have the explicit consent of individuals to hold their data, with a positive opt-in, freely given and verifiable, separate to any other terms and conditions (a higher standard than currently) – which can be withdrawn at any time
- The right of an individual to have their data erased – meaning businesses need to be able to identify all the data they hold about an individual and be able to delete it in response to a request
Personal data storage is not limited to the Marketing Department. In most businesses it can be stored across many departments, including Marketing, Accounts, Sales, Engineering and Customer Services.
GDPR will impact your entire business database, and the new regulations need to be understood and planned for now, whether you have an integrated IT system or still rely on a paper-based model.
Some simple steps taken now will help to ensure your business is fully compliant come the 25th May 2018. Find out more, and ensure that your organisation is adequately protected, by contacting me on 0203 4340903.