We appreciate that businesses across the UK are at varying stages when it comes to the preparation for the new GDPR (General Data Protection Regulation). Businesses of ALL sizes will be affected but that doesn’t mean they are all ready. Some companies may be ahead of the game, having recruited effective Data Protection Officers and completed all of the steps recommended prior to the 25th May 2018 deadline. Others may be reading this with a sinking feeling that they can’t ignore this ‘game changer’ any longer. If that’s the case – you’re not alone. Experian reported in a recent survey that 48 percent of businesses admitted to not being ready for the GDPR.
We’re here to help you at each and every stage of your planning and implementation and we’ll start by explaining (in plain English) what it’s all about…
What?
The GDPR is a new EU regulation designed to protect and enable the privacy rights of individuals. The regulations move the control of personal data back to the owner of the data itself and will affect how organisations store, secure and manage personal data. Please don’t assume that it is just about electronic data – it isn’t. The GDPR covers data in all its forms.
The GDPR spans ALL businesses across the whole of the EU and even though the UK has opted to leave the EU, it has committed to fully implement these new regulations. Perhaps most susceptible to more in-depth requirements are organisations who work with consumers.
When?
The GDPR comes into force on 25th May 2018. Once in operation the GDPR will carry serious implications for those who choose to ignore it or are ineffective when it comes to implementing controls.
After 25th May 2018 any serious personal data breaches that happen to UK companies must be disclosed to the ICO (Information Commissioner’s Office) within 72 hours. The victim/s of the breach must also be notified within this same time period. Failure to do so may result in fines of up to four percent of the company’s annual global turnover or up to 20 million euros.
It is expected that GDPR violations will be taken very seriously, regardless of whether the breach has been reported in a timely manner. Adopting information security best practice will go a long way in preventing a breach and reducing subsequent penalties.
It is important for businesses to put procedures in place to cope with the rules set out within the GDPR.
Why?
You may be shocked to learn that globally in 2016 almost 1.4 billion data records were lost – an astonishing 86 percent increase on the previous year.* It is statistics such as this one that have driven the need for a change in regulations.
The GDPR will also tighten the rules surrounding obtaining valid consent to use personal information. Companies must be clear and concise regarding how gathered information will be used. Lack of authorisation no longer constitutes consent – organisations can no longer assume individuals agree to their terms unless they have explicitly stated that they do. This includes employee records such as CVs.
Do you engage with direct marketing? If your current database includes contacts who have not previously opted in, we would advise that you re-enrol them. This can be done in a variety of ways, including partnering with a sales company to call subscribers on your behalf and request their permission to feature on your database.
There are many practical actions that your company can be taking in preparation for the GDPR. In order to help you form the best strategy for your business we are offering a FREE, no obligation face-to-face consultation with one of our experts – this will be an informal chat about GDPR and its impact on your business.
Whilst we are not GDPR Auditors, our experience successfully implementing ISO 9001 and 27001 has equipped us with specialist knowledge on how to deal with information security, especially in instances where technology underpins business activity. Also, we have recently completed an information security audit based on the principles of Cyber Essentials for a long-standing software sales client and we are keen to transfer this critical know-how to others.
There are a limited number of spaces for this free offer so please contact us now to reserve your place.
Source:
* http://smallbusiness.co.uk/data-records-compromised-2537733/