GDPR explained and the next steps…
The General Data Protection Regulation (GDPR) is something that most businesses will have heard about by now. The publicity surrounding GDPR is increasing on a daily basis and will continue to do so for the foreseeable future, but do you need to be aware and listen to the hype?
The answer is yes …
If your business holds any personal data then you must understand and comply with GDPR by having the necessary processes in place no later than May 25th 2018.
Why has it been put in place?
The government introduced the GDPR in April 2016, encouraging businesses to comply by May 2018. The GDPR requires businesses of all sizes to have a level of data privacy and security that is beyond most organisations' current practice. Large fines will be given to any businesses that do not comply.
What will I have to do come May?
The GDPR states that you must be able to clearly identify all personal data that you hold, prove that it is secure and that the correct processes have been followed. On top of this, data must only be used for the reason it was intended and consent must always be given.
Data that is not needed will have to be deleted, as retaining some personal data will no longer be lawful.
If an individual asks for their data back, and proof that it has been permanently deleted, you must be able to disclose the information within 40 days.
For over 20 years there has been a directive in place to protect data and ensure privacy. However, this was not legally binding and, due to the changes in the way data is handled, something more substantial is now needed.
Will I need to comply?
Yes, if your business has any employees or customers then you will currently be holding data that needs protecting in line with the GDPR.
The GDPR defines personal data as “any information relating to an individual, whether it relates to his or her private, professional or public life. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer’s IP address.”
There are also additional rules relating to national security, child protection, healthcare, historical and scientific research purposes.
What are the next steps?
Talk to the experts. At Complete I.T. we have partnered with experts on GDPR who will carry out compliance testing and help you to put a plan and processes in place before the May deadline.
Educate yourselves and your teams. We put on a number of seminars every quarter that are aimed at educating you and your businesses on the GDPR, Cyber Crime and other current subjects relating to your organisation's security and compliance.
Be proactive. This is not something that may affect you; it will affect you, so do not bury your head in the sand and hope that someone else will deal with it. Talk to your IT departments and IT Support Providers, and seek expert advice.
Join Complete I.T., Redscan, Datto and Microsoft on the 2nd November at the Hospital Club, Covent Garden as we explore the rise in Cyber Crime and provide you with the tools and knowledge you need to educate your teams. We will be looking at the General Data Protection Regulation in more detail and helping you to put together a plan to ensure your business is protected against the impending penalties. Register here, or contact one of our offices (Birmingham, Bristol, London, Manchester, Oxford, Peterborough, Swindon, Thames Valley) for more information.