One of the most interesting things about the imminent arrival of the General Data Protection Regulation (GDPR) is how it’s provoking such different reactions across the board. Some business owners are already consumed by panic, whereas others are unaccountably blasé.
Neither overthinking things nor burying your head in the sand will help you avoid big fines. The key to surviving GDPR is embracing and respecting it: wholly committing to the necessary preparations so that everyone in your organisation is ready for 25th May 2018.
If you still can’t fully comprehend the rules or consequences of GDPR, it’s worth reading on to learn more about the regulation before it comes into effect. The more you know, the better equipped you’ll be – so without further ado, here’s the first instalment of our four-part GDPR blog series:
GDPR is a regulation designed to protect the privacy of EU citizens’ data. The courts have determined that people deserve tighter control over their own personal information, including how it’s used, where it travels, and who has access to it.
The regulation officially comes into effect on 25th May 2018, replacing the Data Protection Act 1998. From that date, organisations must maintain thorough, accurate, up-to-date records of any data they have stored, handling/processing information according to the wishes of the person to whom it belongs.
Businesses will also need all their mailing-list recipients to have willingly “opted in” before they can legally continue sending things like newsletters.
There are multiple branches to GDPR, but the four key points worth remembering are data integrity, data minimisation, data protection and accountability.
Data integrity refers to how businesses use information. All business owners must ask themselves whether their practices adhere to the data owner’s desires and if they are respecting the contents of this information. Data minimisation is the process of removing any data that no longer needs to be stored, whilst data protection involves taking all the necessary steps to keep information secure (e.g. encryption, cybersecurity).
Accountability essentially ties all of the above together, i.e. taking responsibility for GDPR compliance. By creating a culture of accountability in the workplace, business owners can ensure everyone is pulling in the right direction.
GDPR non-compliance won’t be tolerated – regardless of whether it’s intentional or not.
Breaking the rules could land you a fine of up to 4% of your annual turnover or 20 million Euros (whichever is higher): intimidatingly high figures.
The GDPR enforcers aren’t messing about – and neither should you. Bring in GDPR experts to educate your staff, determine what data you have to hand, put cybersecurity measures in place to keep that data safe, and, if necessary, hire a specialist Data Protection Officer to dot all the I’s and cross all the T’s.
There’s a lot more worth knowing about GDPR, which is why we’ve put together a comprehensive guide – available for free download here.
Stay tuned for blog two of our series, which is set to reveal some of the biggest mistakes people can make in the lead-up to the GDPR inauguration date.