If you haven’t thought about the impact that the GDPR is going to have on your business, you should definitely put it at the front of your mind, as the May 2018 deadline is drawing ever closer. Still not sure what the purpose of the GDPR is? The General Data Protection Regulation was designed to simplify and harmonise the data privacy laws across Europe in an effort to further protect its citizens and give them more power when it comes to their personal data. This important regulation will change the way every business approaches data privacy. As the GDPR looms closer, here are some tips to make sure you’re ready for it.
Be Aware & Prepare
It’s really important to have a good understanding of the purpose and aspects of the GDPR, and of how it will affect not only your business but also you as an individual. Distribute information internally throughout your company so all staff have a chance to be educated on a regulation that will have an effect on how they handle and store personal data in their role. Putting together an informational guide or even hiring a GDPR specialist such as a data protection officer to train and advise your staff is a good way to raise awareness.
Carry Out a Data Audit
Investigate the data processes that you have in place in your company. What sort of personal data do you store, how much, and where is it stored? These are great questions to start thinking about. The data that is affected by the GDPR is any and all personal data stored by a business or organisation that can be used to identify an individual, or that is at all linked to any information that could lead to identifying an individual.
Consider decluttering the data that you store: evaluate what data is the most important, and put together a checklist of the information that you need to store and the information that is not of value and does not need to be retained. Once you have concluded what data is unnecessary, you should debate whether it would be beneficial to destroy it. Holding less data can simplify future processes such as Subject Access Requests.
GDPR Knows No Boundaries
Although the GDPR is very focussed on the control and privacy of personal, identifying data and information, it doesn’t just pertain to companies that are based in the EU. Any company outside of the EU – whether you’re in Australia or Abu Dhabi – that collects data within the EU regarding EU citizens falls under the same regulations as companies based in Europe.
Know the Special Requirements
The rule of unambiguous consent is also being introduced with the GDPR. It is crucial that, before any personal data is collected or used for marketing purposes, individuals consenting to their data being stored understand 100% what they are agreeing to when handing over their information.
The GDPR is extensive, and it is very important that you research and read up on every aspect of the regulation so you are prepared and completely compliant when May 2018 rolls around.
Get in touch with us here at C3 to see how we can help you: contact our team on 01223 427700 or email firstname.lastname@example.org.