What does GDPR mean for your business?

May 2018 will see the introduction of the European General Data Protection Regulation (GDPR), this will have a major impact on UK business but what does it actually mean?

In very simple terms GDPR is a new piece of legislation being introduced to all countries within the EU with the specific aim of protecting all persons and their personal data. To be clear a person’s ‘work’ email address and work phone number are included within this. In practical terms it means all businesses need to consider very carefully how they collect, use and store data.

Data protection, particularly around personal data is even more essential than ever with the increasing risk of cybercrime and the recent major security breaches that have been seen. It will also be moving forward key to understand how individuals consent to their data being collected. A failure to adhere to the new regulation could lead to business fines of between £8 Million and £16 Million.

Key considerations for GDPR in the lead up to May 2018:

  1. Awareness and training

One of the key ways to ensure GDPR compliance moving forward will be to not only understand the regulation and its requirements thoroughly but to also ensure all staff within the business have an understanding of its importance to the business and why it is necessary to be vigilant against avoiding data security processes.

  1. Audit and Check

A key step is to complete a full audit of the business and to review all aspects of data collection and storage in the business. What information is held? It is key that you understand how it was collected, when and why it is needed? This is required for all personal data including details about staff.

All present privacy notices and contracts should be reviewed and plans put in place for any required changes?

  1. Understand the requirements

The rights of the individual and a key part of the new regulations. In an attempt to equalise the balance of power between the customer and the company collected the data, new rights that have been introduced include the following:

The right to be informed, the right of access, the right to erasure, the right to restrict processing, the right to object & the right not to be a subject of profiling.

This means the way data is collected and stored must be in line with the expectation and wishes of the person/company. This could mean confirming how consent was obtained and what was collected but also deleting the data if requested.

Although GDPR might seem like a way of making life difficult for businesses and making it difficult to collect customer data, in truth it is about ensuring privacy.

By understanding the regulations and ensuring your business supports compliance and high levels of data privacy, you will moving forward be in a better position to attract customers.