With a rapidly approaching deadline (25th May 2018) and significant fines for non-compliance, firms need to be GDPR ready.
But really, the truth is that GDPR is a good thing and – as Elizabeth Denham, the UK’s Information Commissioner has pointed out – its implementation, even for smaller business should be neither scary nor onerous.
What is GDPR and does it affect me?
GDPR (General Data Protection Regulation) is a new law across the European Economic Area and in the UK that replaces the outdated Data Protection Act of 1998. It is meant to strengthen the control that individuals have over their data and ensure their right to privacy, which in turn requires greater controls by companies who store and process personal data.
Looking back to 1998, there were no smartphones, no social media sites and no online identities. The ways in which personal data was used and shared were very different from today, so the Data Protection Act is wholly insufficient for the technology of 2018. GDPR aims to bring data protection rules into line with modern-day practices.
The focus of GDPR is to protect ‘personal data’, which means ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
In the UK, GDPR will be administered and enforced by the Information Commissioner’s Office (www.ico.org.uk).
What does GDPR mean for my business?
Research shows that individuals are concerned about the use (and possible misuse) of their personal data. The new rules are about greater transparency, enhanced rights for citizens and increased accountability by businesses and organisations. Businesses that comply with GDPR will benefit from an enhanced trust relationship with their customers, who will feel confident that their privacy is being protected.
Every business will be affected by GDPR slightly differently; it all depends on what personal data your business holds and what you use it for, keeping in mind that your employee data, not only customer data, is also covered by the new regulations.
Smaller businesses (with under 250 staff) have some exceptions but are not exempt. That said, the ICO has produced a wealth of useful information, guides, self-assessment tools and a helpline specifically for smaller organisations. We have provided links to these useful resources below.
It’s also worth noting that GDPR applies to any organisation processing the personal data of any EU citizen, even online retailers based in America or China if they deal with EU customers.
What do I need to do?
Don’t panic and do your research.
Most of the new GDPR processes are simply best practices based on existing regulations, so you shouldn’t need to change too drastically. However, you may need to review some of your existing processes and policies to ensure they are compliant with the regulations.
There are penalties for non-compliance and if the regulations are still ignored there are fines as a last resort. But at the end of the day GDPR is about doing the right thing for your customers and their data. It may be unavoidable, but it can be a good thing for your business. Get in touch today to find out how Cloudserve can review your IT processes to ensure GDPR compliance.
Below is a collection of useful resources we have gathered to help you navigate GDPR and ensure your business is compliant.
- This is a useful guide from the ICO that contains a list of frequently asked questions.
- The ICO have put together this handy 12 step guide to preparing for GDPR.
- Run a self-assessment to understand your current compliance and identify any weak areas.
- Here is a useful online guide to GDPR.
- If you run a charity you can get specific GDPR guidance here, and the Institute of Fundraising has prepared this useful information.
- This excellent video from the Federation of Small Businesses provides a handy overview of GDPR; more content from them is on the way.
- If you need advice from the ICO, you can get in touch with them here.
- Get in touch with Cloudserve to get a full review of your IT systems to ensure you are GDPR compliant.