It’s not often that a single piece of legislation can be said to truly affect all businesses but the implementation of the General Data Protection Regulation is one case in point.
GDPR provides a legal framework for keeping everyone’s personal data safe by requiring businesses to have robust processes in place for handling and storing personal information. It’s also designed to protect us as individuals from being contacted by organisations unless they have a legitimate reason to do so.
While you’ll have heard of the Data Protection Act and understand the need to be careful with data, GDPR covers a wider scope including broader definitions of ‘personal data’, the information to be given to individuals, strict timeframes for reporting issues to the ICO and the need for some businesses to appoint data protection officers.
There has also been a lot of talk in national media regarding the right to be forgotten, although requests can be refused if there is a business need for the information in question. In some cases, data may instead need to be anonymised rather than completely removed if, for example, it relates to a financial transaction where accounts would need to be retained.
Businesses will also be subject to tougher penalties for non-compliance which, in some cases, could reach €20 million or more, so understanding your obligations from 25 May 2018 is vital.
Some industries will be more affected than others – however, anyone holding data in a business capacity in any form will need to make sure that they comply.
Data is often held and used by different parts of an organisation so it’s important to get all relevant teams across your business involved in discussions and make sure that you are clear on your obligations and your approach.
Essential things to consider now (if you haven’t already)
- Carry out a data audit
- Check how you currently get consent to hold data (and whether you need consent at all)
- Make sure that your business contracts are in order, both with your clients/customers and with third party suppliers who may need to process data to perform their role
There is still time but the sooner you start the process the better. Cleaning your current data will be much easier without the pressure of a looming legal deadline.
For more information visit www.bpe.co.uk/gdpr