Is your business ready for the GDPR compliance changes?
The GDPR is the EU General Data Protection Regulation, which all companies in the EU, or working with those within the EU, must abide by. Failure to abide by these regulations results in fines and even legal action.
On 25th May 2018 the GDPR compliance requirements will change, with stricter rules and far, far greater punishments. Companies will face fines of £20 million or 4% of their annual income, whichever figure is larger!
Though 2018 may seem some time away, companies don’t have long to change their data protection and records in order to comply.
A big question for UK participants is Brexit. Are we exempt due to Brexit?
The answer is no: we will still be a part of the EU when the GDPR changes come in, and the UK government has agreed that these conditions will apply regardless.
Is your business ready? Did you even know it was changing?
We’ve done our research on the main points your company needs to look at changing, ready for the new regulations in 2018.
Firstly, as the UK begins its departure from the EU, this does not make UK businesses exempt in any sense. UK businesses that trade with, work with or hold data on any EU residents or EU companies must also abide by the new regulations.
One huge change, which will especially affect large corporations, is that companies will no longer hold the right to decide whether to release information on their shortcomings should they fall victim to a breach or security hack. That right will be handed over to the GDPR, who will then decide whether that information should be made public or not.
Every breach must be reported. Failure to report a breach within 72 hours to an appropriate authority will result in massive financial repercussions and even legal action.
What we consider ‘personal data’ is broadening. What were otherwise thought of as ‘impersonal fields’ are becoming a part of an individual’s data protection rights. For instance, genetic, mental, cultural, economic and social identity are all factors that can be seen to identify a person and are therefore becoming part of our protected data.
For any child under the age of 16, a company must have a parent’s or legal guardian’s permission before processing any data on that child.
Consent for collecting an individual’s personal data must be simple and clear. Silence, or a failure to withhold consent, will no longer suffice as given consent. It must be evidently clear that the customer or client in question understands and agrees to the company holding their personal data.
The GDPR follows the Data Protection Act in that clients’ data must be stored and used within these laws.
This data must also be deleted upon first request by the client concerned. No individual should have to ask twice, as this is then a violation of the GDPR rules.
A new amendment to Article 35 of the GDPR means that Data Protection Officers must be in place for any company in the public sector, or for any company whose core activities involve data processing, especially on a large scale.
Any private company whose core activities do not involve data processing does not need one in place.
These Data Protection Officers can be held responsible for any data breaches either instead of or as well as the company they are representing. This is all dependent upon their contractual agreements with the employer. The responsibilities of a Data Protection Officer must therefore be written clearly and simply in order to be fully understood.
Companies outside the EU may find the transfer of data runs much more smoothly by appointing an EU representative. Companies within the EU are very cautious when transferring data internationally, as it may be at risk of breaching the GDPR overseas, which would still count as a breach for the company that transferred the data.
A single authority will now be monitoring GDPR compliance, rather than an individual body for each EU country. This should make it easier and cheaper for companies to trade within the EU, and will also have a more positive impact on internet providers across the EU.
It’s time now to be looking into our companies and how well our data is protected.
Are your computers fitted with the best anti-virus?
Are your servers up to date and fitted with an appropriate firewall?
Is your data backed up in a safe and secure way in case of system failure?
Is your email provided by an appropriate and trustworthy company? If Google is hacked again, is your clients’ data at risk with Gmail? Is Hotmail as secure as it could be? Now’s the time to change it.
That’s where we come in.
Send us an email to firstname.lastname@example.org with any queries regarding your company’s data protection for a FREE quote.
Now is the time to get ahead of the game and get prepared before May 2018.
For further information head to: