General Data Protection Regulation (GDPR)
Jargon-free, straight-talking practical help to apply and get your business GDPR compliant.
The General Data Protection Regulation is a combination of 28 existing data laws. It is an EU law that will be adopted by the UK despite Brexit. The main aim of the law is to give people (data subjects) the power back over their data through various “rights”.
The GDPR aims are to reduce unwanted contact (solicitation) and the sale of your data for the use of commercial businesses. The regulation depicts doing this by securing the processing, access, transfer and deletion and storage of all personal data. This will affect all aspects of business data, from acquiring data, processing data, transferring and the secure removal of data. It will also impact the software and hardware, used to store data upon.
Businesses will need to identify ALL their data streams, the types of personal data they hold, review the processes and keep auditable documentation to exhibit their compliance. They will also need to establish if they need to appoint a Data Protection Officer, and who their Data controllers and processors will be.
It will be imperative for employers to ensure that all staff are aware of the regulation. It is the responsibility of employers to train their staff and familiarise them with all relevant policies and procedures.
Businesses must comply with the GDPR, which comes into force on 25th May 2018.
The ICO (Information Commissioners Office) is the fountain of knowledge on all things GDPR, and they have published a 12 steps guide to help businesses prepare for the GDPR you can find a link to this document by clicking here. They also offer a plethora of resources and support for businesses, and you can access this here.
You will need to ensure you and your staff fully understand the regulations, compliance, and penalties for non-compliance, and the ICO’s stance on this. If you hold data that you do not have consent to hold, you will need to cleanse your data. While it means the number of contacts on your database will reduce, those you do retain will be engaged. Just think of it as clearing out the deadwood.
Businesses will need to review their current systems. Audits will need to be conducted to identify the data you hold and use, who has access to it, and how it is processed. A review of the security of both your hardware and software, including mobile phones and tablets, as well as any data transfer methods will need to be undertaken to make sure you comply. Assessing your Cyber security can be completed in many ways, such as obtaining the Cyber Essentials Accreditation, or the ISO 27001 and while this will aid in becoming GDPR compliant, it will not cover all aspects of the regulation.
Businesses will also need to review their marketing methods and ensure they comply with the regulation.
To ensure you keep up to date with any GDPR amendments, sign up to the ICO’s blog, which offers really helpful advice, and can help to dispel any of the nasty myths and rumours that find their way to you.
Well for starters we speak in plain English, you don’t want or need to be bamboozled with jargon, you need to know the facts and what you need to do.
To become compliant with the GDPR you don’t need any bespoke fandangled software, you need a tool that works. We use basic spreadsheets to conduct an audit, which you can download below, and this helps to produce a GAP report that you can prioritise and work through. We can help you formulate compliant DPIA’s (Data Protection Impact Assessment) otherwise know as documenting your processes, and we offer free advice for your biggest concerns.
You can use our support as much or as little as you need. We have an admin team who can support your data cleanse. Our legally and CIPD qualified team can produce GDPR compliant policies and procedures for your business. If you would like more support, we offer a consultancy service where we come into your business and work with you and your heads of departments, managers and board, to direct and guide you through the process. We can even help you to train your staff.
There has been far too much scaremongering surrounding the GDPR. Once we have helped you to understand the regulation and your requirements to become compliant, the adjustments that you make will soon become second nature. GDPR isn’t scary, it’s just change!
The only thing that we can’t do for you is to take the ultimate responsibility of your data and it’s processing, this needs to remain in-house, as it is the businesses responsibility to ensure the security, and the adherence of the regulation.
We also speak at events in an attempt to raise awareness about the GDPR. If you have an event and would like us to present to the group about GDPR, please get in touch, we’d be happy to help.