GDPR Essentials Guide
You probably already know that new GDPR data protection laws are being introduced this month. But did you know that your business could be publicly shamed if you don’t comply?
If you’re thinking that data legislation is the last thing you want to be thinking about right now, I understand. It’s certainly not the most scintillating of subjects.
But before you look away and do something else, stop!
This short educational guide has been created to help you get your head around GDPR and get it right, early and quickly. Because honestly, this is something you really can’t afford to ignore. The penalties for getting it wrong are enormous, for businesses of all sizes. Including yours.
And we’re not just talking about the financial implications. One of the biggest problems you’ll have to face if you do get it wrong is having your company’s data protection mistake made public to the rest of the world.
A brief recap:
What exactly is the GDPR?
The European General Data Protection Regulation (GDPR) is the new, improved version of the Data Protection Act. It comes into force on 25th May 2018, and it will change the way organisations collect and manage the information they collect about customers.
The regulation is the new framework for data protection across the whole of Europe. According to the governing bodies behind it, GDPR has been designed to harmonise data privacy laws and protect the rights of individuals.
We already have data protection laws. Why do we need more?
Yes, we do, but things have changed a lot since the last laws were passed. It’s hard to imagine now, but back in 1998, there were no such things as smartphones and Facebook. Let’s face it, the world is a very different place now and the change is long overdue. We’re creating and collecting huge amounts of digital information every second, and the laws created twenty years ago just don’t cut it anymore.
Is my business going to be affected?
Yes. All organisations that collect data – even just a name and number – will have to comply with the GDPR. There are more hefty requirements for businesses employing 250 staff or more, but all organisations that collect any kind of personal data are going to be affected.
You will also have an obligation to erase the data of any individual who exercises their “right to be forgotten”. At any time, your customers can withdraw their consent to your storing or using their personal data and insist that you delete it.
What’s the scariest part of GDPR?
Critically, you must also ensure that your data cannot be lost or stolen. If it is, you must tell the Information Commissioner’s Office within 72 hours. And you must also tell the people whose data has been breached.
In our view, that’s the scariest part of GDPR. Especially in the world of hacking and data theft we live in today.
Let’s dig a little deeper into what GDPR means for your business
You are required by law to report personal data breaches within three days. If the breach is likely to affect any individual’s rights and freedoms, you must tell them.
You must be able to demonstrate that you have adequate breach detection, investigation and reporting procedures in place.
You must keep a record of any personal data breaches, whether you have to notify the people involved or not.
The fines are massive. We’re talking big figures here, up to £10 million or 2% of your global turnover (whichever is greater) for relatively small misdemeanours or £20 million or 4% of global turnover for big ones.
If the breach has a detrimental effect on an individual or group, it’s really bad news.
You don’t have to necessarily suffer a breach to be fined. You will still have to pay out if you fail to process someone’s data correctly, fail to provide an individual with their data when requested or don’t employ a data protection officer if required.
Brexit is irrelevant
No matter how much people like us bang on about it, some companies are still of the opinion that they won’t have to worry because Britain is leaving the EU. Nope.
Any company with employees located in the EU is obligated to comply. Brexit or not. Sorry about that.
If you don’t comply – either deliberately or by failing to plan – it can have catastrophic effects. Not to mention all the time and money you’ll waste gathering all the information and dealing with the PR nightmare you’ll be pulled into.
During the three days following a breach, you’ll be faced with a barrage of questions and concerns. Your employees will panic. Morale will be at an all-time low.
You’ll be frantically gathering information, trying to work out what went wrong and how you could have avoided this disaster. You’ll need to get legal advice, check out your insurance, dig deep into the company funds and face the embarrassment of having your customers and your competitors find out what’s happened.
Unless you’re superhuman, that’s going to have a knock-on effect on your sleep, your health and your home life.
Is it worth it?
Here’s the good news. It doesn’t have to be this way.
The best way to stop data breaches like this from happening is to take a proactive approach. Prevention is always, always better than the cure. That means having robust security protocols in place and doing everything you can to keep your customers’ details safe and sound.
One way to do that is by outsourcing your data security to a team of experts who know their way around the GDPR.
Let’s face it, you’re already busy enough, so attempting to handle something as big as this yourself is asking for trouble.
The EU legislation is unwieldy. There are 99 articles, and they don’t make light reading. My team and I understand the data security aspects of this legislation.
We’ll ensure you have all the right levels of protection for your network and all your devices.
And we’ll help you sleep better at night.
Please, please don’t let complacency destroy the reputation you’ve worked so hard to build.
Don’t take your eye off the ball, and don’t become a GDPR statistic.