GDPR - Is Your Business ready? | 03/04/2017 | GenesisIT,Hull

GDPR - What your business needs to know

Genesis Business Systems Blog

Secure client and employee data, protect brand reputation and ensure compliance.

 

What is GDPR and why is it important for your business?

May 25th, 2018 will see a huge shift in data protection with businesses in the UK required to comply with a whole raft of new regulations. The current Data Protection Act is revoked and a new regulation comes into force – the General Data Protection Regulations (GDPR).

The General Data Protection Regulation is the most significant development in data protection that Europe has seen over the past twenty years. There is a much greater emphasis on compliance following a widely held belief that businesses have not taken data privacy seriously enough previously. It is a regulation that is relevant to every business, regardless of size or sector.

 

Why is this happening?

The Data Protection Directive of 1995 is largely outdated. The level of growth in technology, rapid adoption and the emergence of SaaS has rendered elements of the Data Protection Directive obsolete. The new legislation is designed to protect EU citizens and to protect their data from being exploited. Cyber security threats are also getting ever more sophisticated which poses a problem to many businesses about possible security attacks – it’s not if, it’s when.

 

How is it going to affect my business?

The accountability principles within GDPR places the onus of compliance squarely on the shoulders of individual businesses (regardless of whether your data is on premise or in the cloud). Each business must be able to demonstrate they comply with the regulations and it is their responsibility alone to ensure they do so. If the company is found to be neglectful, then someone will be held accountable.  

Being able to demonstrate compliance with GDPR will be a major task for businesses of all sizes. Companies with over 250 staff must also appoint a Data Protection Officer (DPO).

Under the GDPR, you must also appoint a data protection officer (DPO) if you:

  • are a public authority (except for courts acting in their judicial capacity);
  • carry out large scale systematic monitoring of individuals (for example, online behaviour tracking); or
  • carry out large scale processing of special categories of data or data relating to criminal convictions and offences.

This is a significant departure from DPA and the DPO will act as a first point of contact as well as monitoring and ensuring compliance with all regulations.

 

What are the penalties for non-compliance?

They vary depending on the severity of infringement. Some businesses can be fined up to 4% of annual turnover or 20 million euros so you need to take this very seriously.

 

Will Brexit will save you from the EU data protection rules?

UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into force before the UK leaves the European Union, and the government has confirmed that the regulation will apply, a position confirmed by the Information Commissioner.

 

What do I need to do next?

The GDPR introduces Data Protection Impact Assessments (DPIA) as a means to identify high risks to the privacy rights of individuals when processing their personal data.

A planned, structured approach to the inevitable changes needs to be started sooner rather than later. A clear process has to be in place for managing data breach incidents.

Here at Genesis Business Systems we are working with customers to ensure your business complies to these new regulations.

  • Ensure senior management are aware of GDPR and the likely impact on your organisation.
  • Check your current data status – what personal data do you already hold, where did it come from and who have you shared it with?
  • Review your current privacy notices - what updates are needed.
  • Check your current procedures to ensure you are able to deliver on all data subjects’ rights. The right to:
  1. Be forgotten; have data deleted; a copy of their personal data (within a month, free of charge)
  2. Right to data portability – data electronically in a commonly used format
  3. Right to prevent automated decisions and profiling

 

Don't worry we will be creating a full series of documents around this in the run up to May 2018, so stick with us and we will guide you through.

Contact our team today to find out more about Data Protection and how it will affect your business. Call 01482 210999 or email [email protected] and we will be in touch.