The short answer to this is: no, there isn't!
There is a great deal of information available online and from companies that specialise in GDPR, which can help you learn what it is and how to make sure your company is compliant.
GDPR awareness is still low among UK businesses and many are unclear on how to comply with the new regulation.
Two factors that have reportedly stopped companies from preparing to comply are the belief that Brexit somehow provides an exemption and a failure to read the new definition of personal data.
You would think that the hefty penalties companies could face for non-compliance would incentivise them to research the GDPR; however, many businesses appear to be in denial about its reach and effects.
In case you have been living on Mars over the last couple of years, let’s have a look at what GDPR is and what your company needs to know and do…
What is GDPR?
GDPR stands for General Data Protection Regulation and it was introduced back in May 2018.
According to the regulation, any data that can identify someone is classified as personal data, and that includes everything from economic information to IP addresses.
It refers to laws and regulations on data protection and privacy for all individuals within the EU and the European Economic Area (EEA).
The regulation focuses on how personal data is used; its aim is to give people control over their personal data and to simplify the rules on data regulation for international business within the EU.
What does my company need to know?
Any organisation that processes data is now required to do the following:
- Confirm how and why personal data is processed
- Establish new transparency and individual rights that ensure compliance with everything stated in the new regulation
- Confirm their data collection process, the duration for which the data will be retained, and whether the data is shared with third parties or outside of the EU region
- Employ a Data Protection Officer (DPO) to manage compliance with the GDPR (depending on company size*)
* NB: Article 30 of the regulation states that organisations with fewer than 250 employees will not be bound by GDPR (https://gdpr-info.eu/art-30-gdpr/, see point 5).
However, GDPR can still apply to small businesses with fewer than 250 employees (GDPR Article 9, https://gdpr-info.eu/art-9-gdpr/). Failure to comply with the GDPR will lead to heavy punishments. Under the GDPR, businesses can be fined up to €20 million or 4 percent of annual turnover (whichever is higher).
How do you get started with GDPR?
If you are unsure about GDPR, you need to familiarise yourself with the regulation and then start implementing the changes needed, including the following:
a) Educate your employees
You need to emphasise the importance of being compliant and you might want to consider giving your staff some training.
b) Carry out a data audit
You need to reassess your current data practices, including changing and upgrading your current data privacy policies to comply with GDPR: what data you currently hold, where it came from, whether there is an opt-in/opt-out for consent, how the data is used, and with whom it has been shared.
You will need to keep a record of all your data and of all your data processing activities. GDPR will therefore force you to ensure that your data is organised and easily accessible.
c) Create a plan of action
You have up to 72 hours to report any data breach.
You need a plan of action that sets out how to detect a breach or loss of data, and how to report it.
Failure to report a data breach will result in hefty fines, on top of any fines you might receive for the initial breach itself.
d) Hire a DPO
To comply with the new regulation, businesses with over 250 employees are required to have a DPO in place, and that person needs to be trained in how to deal with GDPR.
e) Update your data storage procedures
You will need to change or update your system of storing data so it is in line with GDPR guidelines.
Why are legislators bothered about data security in the first place?
The answer to this question lies in one word: cybersecurity.
Cybersecurity is the deliberate protection of Internet-connected systems, including hardware, software, and data, from cyberattacks.
Data is the fastest way to get information about anyone, which explains the increased awareness of data protection. Being cyber safe means users have taken measures to protect their sensitive and vital information.
The best way to ensure that you are safe in cyberspace is by engaging a cybersecurity firm, such as turremgroup, which will help protect you against unauthorised access to data centres and other computerised systems.
The GDPR is a step in the right direction, but compliance will be an ongoing task that requires careful monitoring.
For more information on turremgroup visit: www.turremgroup.com