The General Data Protection Regulation should be on every business's agenda at the moment, with little over a year to go before it is due to come into effect on the 25th May 2018.
What is GDPR?
The General Data Protection Regulation (GDPR) is applicable to EU residents' data wherever in the world the data is processed. Any company that holds any personal data, including information on clients, prospects, leads or internal team members, will need to protect it to the highest levels. The penalties are huge: if they fail to conform, SMB businesses could face fines of up to £20m. All businesses will need to comply and make changes to the way they protect their business data.
Does Brexit mean we do not need to worry?
On Wednesday we will see Article 50 triggered (Article 50 is a plan for any country that wishes to exit the EU – an agreement signed up to by all EU states which became law in 2009). It will still take at least 2 years (March 2019) for the UK to formally withdraw from the EU, and this could be extended. We do not know exactly what effect Brexit will have on GDPR, but we do know there will be at least a year in which you will need to be protected and vigilant.
How will your business be affected?
The level of risk will depend on your business size, the data held and the data protection already in place.
- Do you have more than 250 employees?
- Do you have fewer than 250 employees and process data that could result in a risk to the rights and freedoms of EU residents?
- Do you have fewer than 250 employees and process personal data on a day to day basis?
- Do you process data that is likely to result in a high risk to the rights and freedoms of natural persons?
- Is your organisation a Public Body or do you require regular and systematic monitoring of data subjects on a large scale?
- Should you have a request to see, update or delete all personal data for a Data Subject, do you know what data you have and would you be able to complete this task within 30 days? This may include data in archives, backups and paper files.
- In order to safeguard against personal data breaches, can you protect from an Insider Threat? These account for the vast majority of data breaches and include:
  - Accidental – Poor user awareness & communicated policies; is data where it should be?
  - Malicious – Rogue or disgruntled employee; corporate/national espionage & organised crime
  - Compromised – Phishing, data breaches & BYOD contamination; credentials extracted, social engineering
Have you answered yes to any of the above questions? If so then it is likely that GDPR will impact on your business.
How can Complete I.T. help?
At Complete I.T. we are constantly researching and testing solutions and processes to help our clients run their businesses in the best way possible. There is no one solution to help you become GDPR compliant but there are many steps you should be taking. We have partnered with TrueSwift to ensure our clients do not fall prey to the GDPR and can continue working as normal.
TrueSwift resources have been delivering data management and information governance services to clients since 2000. The team has worked across organisations of all sizes in all market verticals in both public and commercial sectors. With a significant number of engagements focused on assisting clients with data compliance solutions, from early 2015 TrueSwift has dedicated significant resource to researching GDPR and understanding its implications in relation to good data/information management practices.
Whether you are a Complete I.T. client or not, please contact us today to discuss GDPR and how we can help your business avoid massive fines.