Is there any excuse for not knowing about GDPR?


The short answer is no, there isn't.

There is so much information available online and from companies that specialise in GDPR, which can help you learn about what it is and how you can make sure your company is compliant.

GDPR awareness is still low among UK businesses and many are unclear on how to comply with the regulation.

Two factors that have reportedly stopped companies from preparing to comply are the belief that Brexit somehow provides an exemption and not having read the regulation's definition of personal data.

You would think that the hefty penalties companies face for non-compliance would be incentive enough to research the GDPR; however, many businesses appear to be in denial about its reach and effects.

In case you have been living on Mars for the last couple of years, let's look at what GDPR is and what your company needs to know and do.

What is GDPR?

GDPR stands for General Data Protection Regulation. It was adopted by the EU in 2016 and has applied since 25 May 2018.

Under the regulation, any information relating to an identified or identifiable person is personal data. That covers everything from financial information to online identifiers such as IP addresses.

It is the EU's law on data protection and privacy for all individuals within the EU and the European Economic Area (EEA).

The regulation governs how personal data is used. Its aim is to give people control of their personal data and to harmonise the data protection rules that international businesses operating within the EU must follow.

ALL organisations that process the personal data of people in the EU, wherever the organisation itself is based, need to be familiar with the regulation and understand how it works.

What does my company need to know?

Any organisation that processes personal data is now required to do the following:

  • Document how and why personal data is processed (the purpose and lawful basis)
  • Implement the transparency obligations and individual rights (access, rectification, erasure, portability and the rest) set out in the regulation
  • Document how the data is collected, how long it will be retained, and whether it is shared with third parties or transferred outside the EU
  • Appoint a Data Protection Officer (DPO) to oversee GDPR compliance where the regulation requires one (this depends on what you process, not on company size*)

* NB/ Article 30(5) of the regulation (https://gdpr-info.eu/art-30-gdpr/) exempts organisations with fewer than 250 employees from keeping formal records of processing activities. It does not exempt them from GDPR as a whole, and even the record-keeping exemption falls away if the processing is likely to result in a risk to individuals, is not occasional, or involves special categories of data such as health, biometric or political data (GDPR Article 9, https://gdpr-info.eu/art-9-gdpr/).

So GDPR still applies to small businesses with fewer than 250 employees. Failure to comply will lead to heavy punishments: under the GDPR, businesses can be fined up to €20 million or 4 percent of annual worldwide turnover, whichever is higher.

How do you start GDPR?

If you are unsure about GDPR you need to familiarise yourself with the regulation and then start implementing the changes needed, including the following:

a) Educate your employees

Emphasise to staff why compliance matters and consider giving them training on the regulation, since most data breaches and mishandled requests start with a person rather than a system.

b) Carry out a data audit

Reassess your current data practices and update your privacy policies to comply with GDPR. For each category of personal data, establish what data you hold, where it came from, whether there is an opt-in or opt-out for consent, how the data is used, and who it has been shared with.

You will need a record of all your personal data and of all your processing activities. GDPR will therefore force you to ensure that your data is organised and easily accessible.

c) Create a plan of action

You have 72 hours from becoming aware of a personal data breach to notify the supervisory authority (the ICO in the UK), unless the breach is unlikely to result in a risk to the people affected. Where the risk to individuals is high, you must also tell them without undue delay.

You need a plan of action that sets out how a breach or loss of data will be detected, escalated and reported within that window.

Failure to report a data breach will result in hefty fines, on top of any fine you might receive for the initial breach itself.

d) Hire a DPO

Under Article 37 of the regulation, a DPO is mandatory for public authorities and for any organisation whose core activities involve regular and systematic monitoring of individuals on a large scale, or large-scale processing of special categories of data. The requirement is not tied to a headcount of 250, and the person appointed needs to be trained in how to deal with GDPR.

e) Update your data storage procedures

You will need to change or update how you store data so that it is in line with GDPR. Article 32 requires security measures appropriate to the risk, and names pseudonymisation and encryption as examples; retention periods and access controls should also be reviewed.

Why are legislators bothered about data security in the first place?

The answer lies in one word: cybersecurity.

Cybersecurity is the protection of Internet-connected systems, including hardware, software and data, from attack.

Personal data is the quickest route to information about anyone, which is why awareness of data protection has grown. Being cyber safe means having taken measures to protect sensitive and vital information.

One way to improve your position is to engage a cybersecurity firm, such as turremgroup, which can help protect you against unauthorised access to data centres and other computerised systems.

Contact turremgroup Limited

The GDPR IS a step in the right direction, but compliance will be an ongoing task that requires careful monitoring. turremgroup can provide you with a series of packaged solutions that cut through the GDPR noise and present you with a clear and concise base-level report.

For more information on turremgroup visit: www.turremgroup.com
