What is the GDPR and what does it mean for businesses?
The General Data Protection Regulation, or GDPR as it’s more commonly referred to, is the most important change to data privacy regulations in 20 years.
If your business handles personal data (which is highly likely!) then these regulations will impact your business.
Coming into force on 25 May 2018, the GDPR will bring about a number of changes to current data protection regulations as stated in the Data Protection Act (DPA) 1998. The new regulations will be much stricter, offer no ‘grace period’ for compliance and have higher fines in place.
The General Data Protection Regulation will feature many similarities to the DPA, however, a number of areas will be enhanced to improve security and rights around personal and sensitive data. This will include the right to be forgotten, higher standards of consent and mandatory notification of personal data breaches to the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of the breach. Forbes Solicitors offer a helpful summary of the key changes being brought about by the GDPR.
Not only will the GDPR require employers and businesses to comply with new regulations but they will also have to demonstrate accountability. Therefore, your business will need to be able to evidence and demonstrate compliance with the GDPR.
Data protection can be a daunting and substantial subject – but by acting now, you can address any confusion ahead of the GDPR changes and start preparing your business for compliance.
Here are our tips to get prepared for the GDPR:
We’re already on the countdown to the 25th May 2018 and there is no grace period for non-compliant businesses. If you want to avoid hefty fines (reaching up to 4% of annual global turnover or €20 million, around £17 million, whichever is higher), it’s time to start taking action. It’s important to recognise that data processing isn’t just a challenge – it’s also an opportunity. Read about how Enquin Environmental improved how they collect and transfer data to achieve more than £300,000 in savings and a 50% boost in productivity.
Take time to understand the GDPR and your business
It’s important to understand the changes that will occur and what they mean for your business. How will the changes impact different segments of your business such as marketing, IT and HR? How will the whole business work together to ensure compliance? Start thinking about what you will need to put in place to protect your business, employees and customers. Take advantage of the information and support available online.
Carry out an information audit
Start by mapping out the data you are processing. Ask questions about what you are processing, why you are processing it, where it is being stored, how, where and why it is being shared and your retention period. This will help you to assess areas where improvements or changes could be made in line with the GDPR requirements.
Self-assess your business
The Information Commissioner’s Office offers a toolkit of resources to help your business carry out a data protection self-assessment. Use their checklists to assess your current compliance standards and find out what you need to do to improve your awareness, accountability and data handling ahead of GDPR.
Review existing policies, procedures and relevant documentation
After addressing your current data processes and making relevant changes ahead of GDPR, it’s important that your documents reflect the new regulations in place. You may need to look at updating both internal documents and those external documents, such as privacy notices and consent forms, that seek consent from customers and stakeholders. Updating policies and procedures will enable you to bridge gaps from where the business currently stands to GDPR compliance in a formal and accountable manner.
Plan your next steps
Once you have conducted initial evaluations of your current data processes and determined how your business can achieve compliance, it’s likely that you will need to implement changes or improvements. Begin planning out the steps you need to take and who will lead on these. It may be beneficial to assign someone to manage your data compliance project to ensure consistency and effective implementation.
Think long term
Whilst you are going through a process of change, it is a good time to introduce or review the data training for all staff. During this process you will be able to address the day-to-day realities of complying with GDPR moving forward and upskill your staff.
Develop your business’ compliance plan
Not only will this be beneficial to ensure you’re responding to your initial evaluations and plans to ensure overall compliance, but this will also be a good method of demonstrating the steps taken to achieve compliance. As previously mentioned, the GDPR will require businesses to show accountability so it’s a worthwhile habit to start now.
Looking for more support on managing your business data or just interested in finding out how digital technology can support your business practices?
Explore the Superfast Business Wales workshops coming up across Wales.