How much do you know about the personal data your business gathers? Are you confident in your organisation’s ability to adapt to GDPR? This topic should be high on your to-do list right now, because you now have less than 5 months to prepare for the new legislation!
The law has changed, and no matter how big or small your business is, you need to prepare. Here at Allied, we can assist you in making the changes you’ll need to stay compliant.
So, what is GDPR?
GDPR is the European Union’s ‘General Data Protection Regulation.’ This legislation is designed to give individuals more control over how businesses are using their data. This is fantastic news for consumers; however, it presents a complex challenge for businesses. Consumer data must now be portable between data processing entities, and your policies must be much more transparent and easy for your customers to understand. Privacy and security will need to be introduced into workflows, and non-compliant businesses will be faced with much bigger fines!
What are the charges and penalties involved?
GDPR has been designed to protect privacy, but rather than just focusing on ‘opt-ins’ and getting consent before storing or retrieving any information, it goes a whole lot further. Consumers will now have the option to retrieve their data in a portable format that can be transferred between service providers, or even demand to have their data fully removed from a business’s system.
The penalties for failing to comply with this new regulation are pretty painful! Should a business disobey these rules, it could be fined up to 20 million euros or 4% of total revenue (whichever is the greater).
When should you take action?
The GDPR law has already come into effect; however, the EU has given all organisations until May 2018 to become fully compliant. This legislation applies to businesses of all sizes, and whilst it may seem like a long way away, there are some easy things you should do right now, which will mean you won’t run into trouble later.
There is still a frightening number of businesses that either do not yet have a plan in place to deal with GDPR, or are completely unaware of the incoming rules altogether!
In order to ensure that your paper records comply with the GDPR, take some time to consider and ask yourself the following:
How do I locate the data in question?
Before these new rules can be addressed, and any data can be de-personalised, or even deleted, you need to be able to find it. With the consumer’s new ‘right to be forgotten’ it is important that you are able to locate this data in order to respond to requests, and avoid facing any penalties and fines. Whilst deleting digital data from your records can be a fairly simple process, unfortunately, hard copies aren’t so easy to locate and dispose of.
How many copies of that data are in my possession?
Having a strict and clearly defined process for managing data and information from creation stage all the way to destruction stage may not be enough on its own. Be very aware of the fact that paper copies have the ability to triple their lives! Whether that be through copying or careless disposal, it is extremely difficult to manage paper copies, as they can easily slide through information storage policies.
How can I guarantee privacy of my consumers’ data?
Where paper copies are concerned, there needs to be a rigorous information handling process in place. The GDPR’s ultimate aim is to ensure privacy during information production, management and disposal. Your business should safeguard all data, making it impossible for unauthorised persons to access any documents that may carry personal information about your customers.
Is there an easy way around this?
Yes. In order to completely avoid the danger of losing any paper copies of information that might exist, and any unauthorised copying of those copies, you should consider digitising these files. This will allow you complete control over your documents and keep them as safe and secure as possible.
If you would like to arrange a consultation with us regarding the new GDPR legislation, please call us today on 01794 526088 or email us at firstname.lastname@example.org.