Are you GDPR ready?
know the facts!
Cyber attacks seem to hit the news fairly regularly these days; it wasn’t that long ago when an attack crippled the NHS and infected 300,000 computers in 150 countries so we all have a right to be concerned about our private data falling into the wrong hands...
...Introducing the General Data Protection Regulation (GDPR), which comes into law in EU member states from May 2018 (whatever happens with Brexit, we will still have to comply). Before you switch off with boredom, it will affect every business in the country and will also affect you as a citizen, so it will pay to know the facts, as non-compliance simply isn’t an option.
In a nutshell, this massive overhaul of data protection laws means that you will be able to ask for your personal data held by a company - from your name to your DNA - to be removed or destroyed from their records and you will have the right to have social media posts removed (both points known as the ‘right to be forgotten’). There are conditions surrounding data erasure but data controllers and processors are directed to comply ‘without undue delay.’ You can also ask any company to supply you with a copy of the personal data they hold about you, which must be supplied free of charge in an electronic format within 30 days.
On the plus side for us as individuals, the organisations we deal with will need to obtain explicit consent regarding the processing of our data, which should limit the annoying marketing calls, texts and emails that we never signed up for, as data can’t be shared between companies. On the downside, it has huge implications for your working life.
There will be severe penalties for breaches of personal data, with a tiered approach depending on the infringement. The maximum fine will be 4% of global turnover or €20,000 (whichever is the greater) and for lesser infringements such as failure to notify about a breach, a fine of 2% of global turnover could apply. It’s enough to make you sit up and listen as the long-term consequences of ignoring GDPR could be catastrophic.
It’s not a surprise that many businesses are not ready for GDPR as they may not have the budget, expertise or resources to employ; in fact the Direct Marketing Association surveyed its members and 46% of businesses don’t expect to be compliant in time. There are some significant differences between the old Data Protection Act and GDPR: for example, if there is a breach of data today, companies are only obliged to notify the individuals affected, whereas with GDPR the whole customer base must be informed. If you have a large database, this means a massive communication to everyone, a potential rush of enquiries from customers who want to know how it affects them, and then the question of how you stop them moving to competitors if it negatively affects your reputation.
It is worth bearing in mind that not all data held in a business is electronic, with the ICO reporting that 36% of UK security incidents in quarter 3 2016 were attributed to paper. Shredding potentially sensitive documentation will be an integral part of business data process management and will support GDPR compliance. Your current paper shredder might not be of a secure enough level to prevent a data breach, so check out our Auto Feed range from Rexel on the next page that will ensure you are compliant.
There are thousands of articles online about GDPR but our advice would be to visit www.eugdpr.org where you can find out much more on this new legislation. Every business in the UK will be affected differently but by preparing now, you can avoid potentially large fines, as carrying on with your current data procedures is tantamount to burying your head in the sand. Good luck.