The Data Protection Law Is Changing: What Does Your Business Need To Do?

Coming into force on the 25th May 2018, the General Data Protection Regulation (GDPR) will mean businesses have to adhere to new rules for managing personal data set by the European Parliament and European Council.

GDPR will be binding and enforceable. With the threat of hefty fines for non-compliance, here is our simple guide to what your business needs to know and act on before this crucial deadline.

Why is GDPR important?

With cyber security threats increasing, safeguarding personal information has come into sharper focus. GDPR is a strict privacy law that offers potentially worldwide benefits and peace of mind to individuals who share their data. By protecting data, you also protect your business from exploitation, attack or a data breach, any of which can significantly damage your organisation and its reputation.

Does GDPR affect my business?

If your business processes personal data for any individuals who live within the EU, then your business must adhere to the regulation. Even if your business is based outside of the EU, if you have personal data for anyone within the EU, the regulation still applies. If you are in the UK, despite Brexit looming, it is likely that the UK will continue to maintain this regulation. So, it is best to act now to avoid potential fines from next year.

What personal data is applicable?

Personal data is considered any information that may identify a person, whether collected directly or indirectly. Some of the information that’s subject to GDPR includes:

  • A subject’s name
  • Email address
  • Social media posts
  • Bank details
  • Medical records
  • IP addresses
  • Mobile phone IDs
  • Genetic information
  • Biometric data
  • Fingerprints
  • DNA samples
  • GPS location data

In fact, anything that can physically, mentally, economically, genetically, physiologically, culturally or socially identify an individual must be considered.

Even if your business does not keep data, you may still be liable to follow GDPR if you process information on behalf of another business, agency or individual. You can find out more from the Information Commissioner’s Office (ICO).

How can my business comply with GDPR?

It is wise for businesses, individuals and agencies that fall into the category of data controllers or processors to have access to an appointed person who has data protection knowledge and understands what is needed to comply with data protection law.

For larger organisations, GDPR may require you to appoint a Data Protection Officer. For smaller teams, it may be beneficial for data protection to be a part-time role. Alternatively, it may be worth using a consultant with expert knowledge to help your organisation achieve compliance and maintain good practice standards.

What measures can my business take to improve data protection?

There are many ways that businesses can strengthen their security measures which, in turn, will help them adhere to GDPR. Considerations for your business and its security include:

  • How can you make document management more secure?
  • Is your user identification sufficient?
  • Is your data encrypted?
  • Can you improve data overwriting or automatic deletion processes?
  • How can you protect your business from malware?

With GDPR coming into force, now is a perfect time to review the accuracy of the information you hold, who can access it, and your storage and retention policies.

What happens if my business does not comply with GDPR?

Should there be a data breach, or should your business be found to be non-compliant, the penalties are serious. A severe issue could lead to a fine of €20 million or 4% of your annual global turnover, whichever is greater. Fines can be lower and will depend on the severity of the breach. What’s important is that this is not a situation that is taken lightly, and investing in compliance now could save your business in the future.

How can Cyan Solutions help?

With expertise in information technology, we can help your business not only to understand the new GDPR regulation, but also to achieve and sustain compliance.

If you want to find out more about how we can help to support your business with GDPR compliance, get in touch for friendly, expert advice.