GDPR, Brexit, and what my business can do to prepare

Business Insights
18/10/2017

By Dave Rogers - King of Servers.


General Data Protection Regulation (GDPR) is the latest regulation, ratified by the European Union (EU), that aims to strengthen data protection measures for all individuals in the EU. It’s set to replace the outdated Data Protection Directive that was first published in 1995. GDPR is particularly worrying for businesses, as non-compliance can have severe financial consequences.


Over the course of this article, we’ll explain what GDPR is, what it does and what your business can do to prepare for the 25th May 2018 deadline.


GDPR in brief


GDPR is a regulation that strengthens data protection measures for individuals within the EU. With the rapid growth of the Internet, and web services changing the way we interact with businesses on a day-to-day basis, the EU Parliament and Council of the European Commission sought to update the way data is stored and to protect European users’ personal data.


GDPR is centered around granting EU citizens more control over their data. The key themes are:


  • The right to be informed - you are obliged to inform web users how you intend to process their personal data
  • The right of access - your business must surrender the data you hold on an individual if requested
  • The right to rectification - your business must rectify personal data if the individual in question considers their data to be inaccurate
  • The right to erasure - if requested, you must delete the personal data you keep for an individual if you have no reason to continue holding it
  • The right to restrict processing - an individual can instruct your business to hold their data, but not to process it for any purpose
  • The right to object - this primarily deals with direct marketing; individuals have the right to object to their data being used in this way.

Plan for GDPR or face big fines


Breaches are set to be punished severely, with organisations facing hefty fines in the region of 20 million euros or four per cent of their turnover - whichever is greater. The significant fines are designed to be a deterrent for businesses that don’t take GDPR seriously.


To help you avoid large fines, we’ve identified three of the most important things you should think about when considering GDPR:


Appoint a Data Protection Officer (DPO)


Make one person your central point of contact for all GDPR enquiries. This person will be responsible for getting all your GDPR processes in place and can act as your GDPR champion in order to help train and promote awareness amongst your staff.


Audit your data


Once you’ve appointed your DPO, carry out an audit of all personal data your business holds. You’ll need to think about where, how and why you captured all this data. This should help you identify what data needs action.


Be clear on consent


Review your existing procedures to identify whether it is as easy for individuals to withdraw their consent as it was to give it in the first place. For instance, give users options to unsubscribe from email lists.


Brexit doesn’t mean Brexit for GDPR


With Article 50 triggered and Brexit looming, it would be a mistake for businesses to ignore GDPR. The UK government has supported the legislation since it was initially read in the European Parliament, and it has already indicated that when the Brexit process is complete it will essentially ‘copy and paste’ any EU law the UK is subject to into UK law.


Some commentators have suggested that perhaps when parliament is able to legislate without interference from Brussels, GDPR will be repealed. However, we think this is quite unlikely. As it stands, the EU is one of the UK’s biggest trading partners, and in order to continue doing business with countries inside the EU, the UK will need to ensure its own data protection laws match GDPR. Failure to do so may impact Britain's ability to do business with countries in the EU.


You should act now


Contrary to what many people actually believe, GDPR is in effect now. The law had an initial reading in 2012, where EU members voted on amendments and ratified the legislation. GDPR became part of EU law on the 27th April 2016. The EU granted businesses a two-year transitory period, in order to prepare for the changes in law. GDPR becomes enforceable on the 25th May 2018.


GDPR will have a dramatic effect on the way your organisation manages data. It will be paramount to ensure your organisation complies with GDPR, and to employ the latest security techniques and technologies to ensure your business adequately protects personal data.


The clock is ticking: will you stick your head in the sand and ignore GDPR? Or will you seize the opportunity to make changes to your organisation and adequately prepare for the future?


W: www.kingofservers.com