Are you ready for the GDPR?
Be prepared for the 25th May 2018!
This article offers insights and guidance. I highly recommend that you take the time to educate yourself about the GDPR and seek legal advice if you’re unsure on how the new law will affect you and your business.
If you know what I am talking about and only want to read the government’s new data protection bill, select option 1.
If you would like some insights, in addition to the government document, choose option 2 below.
Data protection – what is the new GDPR?
The EU General Data Protection Regulation (GDPR) is a law about Data Protection, based on a set of common-sense principles:
• The Right to be Informed
• The Right of Access
• The Right to Rectification and Right to Be Forgotten
• The Right to Restrict Processing
• The Right to Object
• The Right to Data Portability
If you handle any kind of data, online or offline, you need to make sure you are ready for 25th May 2018. If you breach the new data law rules, you and your business will face extortionate fines. Currently, the maximum fine the ICO (Information Commissioner’s Office) can issue is £0.5m. Larger fines of up to £17m (€20m) or 4% of global turnover will be allowed, enabling the ICO to respond in a proportionate manner to the most serious data breaches.
Firstly, do you understand the definition of ‘personal data’?
Personal Data means any information relating to an identified or identifiable natural person (a “data subject”). An identifiable person is one who can be identified, directly or indirectly, in particular, by reference to an identifier such as a name, an identification number, location data, online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person. ~Article 4(1) of the EU GDPR 2016/679.
Secondly, the considerations:
• The principles
• If you have a website
• Identity
• Awareness
• Review
• Brexit
• Do you need a Data Officer?
• Read the New Data Protection Bill
• A "right to be forgotten": When an individual no longer wants her/his data to be processed, and provided that there are no legitimate grounds for retaining it, the data will be deleted. This is about protecting the privacy of individuals, not about erasing past events or restricting freedom of the press
• Easier access to your data: Individuals will have more information on how their data is processed and this information should be available in a clear and understandable way. A right to data portability will make it easier for individuals to transmit personal data between service providers
• The right to know when your data has been hacked: Companies and organisations must notify the national supervisory authority of data breaches which put individuals at risk and communicate to the data subject all high risk breaches as soon as possible so that users can take appropriate measures
• Data protection by design and by default: ‘Data protection by design’ and ‘Data protection by default’ are now essential elements in EU data protection rules. Data protection safeguards will be built into products and services from the earliest stage of development, and privacy-friendly default settings will be the norm – for example on social networks or mobile apps
• Stronger enforcement of the rules: Data protection authorities will be able to fine companies who do not comply with EU rules up to 4% of their global annual turnover or £17,000,000 – whichever is higher
If you have a website:
Data on a website can be anything from a simple enquiry form or an e-commerce/online sales website to online user accounts that have details saved. Make sure that your website is served over HTTPS with a valid SSL/TLS certificate, so that data is encrypted in transit, and that any data gathered is stored in a safe and secure environment once it reaches you. Seek advice about an SSL certificate.
Identify where you or your company are storing data, for example:
• Your website
• Telesales – do you store names and numbers for your agents to call?
• Direct mail – do you have completed order forms stored away with contact details?
• Customer service departments – calls taken from potential customers and those recorded details
• Personal contact with people – the exchange of business cards from a tradeshow or exhibition
Prepare your staff and make them well aware of the changes that are coming. Make sure that they understand the principles of good data protection and that they don’t write down people’s details on a piece of paper that could go astray or end up in the bin, or take them home on computers or memory sticks from which the information could be stolen.
The General Data Protection Regulation will apply to all companies based in the EU and those with EU citizens as customers. It has an extraterritorial effect, so non-EU countries will also be affected. Even though the UK is planning to leave the EU, the UK will still need to comply with the GDPR.
Do you need a Data Officer?
A data protection officer (DPO) is an enterprise security leadership role required by the General Data Protection Regulation (GDPR). Data protection officers are responsible for overseeing data protection strategy and implementation to ensure compliance with GDPR requirements. A DPO would be recommended for any organisation that processes or stores large amounts of personal data, whether for employees, individuals outside the organisation, or both. Seek advice as to whether your company should employ a DPO.
You can find ‘The New Data Protection Bill: Our Planned Reforms’ on the government website.
The New Data Protection Bill covers the following 4 topics:
• The Digital Economy
• Our Data Protection Reforms
• Implementing the Reforms
• Looking ahead
What have you done so far to prepare for the GDPR? Nothing? If you need help, support or just have a GDPR question you can call +44 (0) 208 133 2545 or email: firstname.lastname@example.org
If you have any requirements for content writing, contact me today: email@example.com or tel: 07800887857