31 Jan
GDPR: What you need to know
Most of us will be aware of the new General Data Protection Regulation (GDPR) by now – and in just a few short months, on 25th May 2018, the new data regulations come into force, replacing the Data Protection Act. We’ve highlighted 5 key changes, to make you aware of how it could affect you and offer some tips on how you can prepare.
It will soon be a requirement for your business to be able to demonstrate how you are sourcing, processing and storing data, and how this complies with GDPR. You will also be fully responsible for the consequences of any data processing activities. This may be a challenge for some sectors, such as the charitable sector or micro-businesses, as complying with GDPR requires a degree of time, funding and knowledge.
All collection and processing of data from individuals should be fair and transparent – you must increase the amount of information given to individuals, detailing what data you are collecting and what it will ultimately be used for. Healthcare and medical services, for example, must be really on top of this as they handle large volumes of sensitive data, often from relatives or vulnerable individuals.
Similar to privacy, you must also improve the transparency of marketing material. When signing customers up to sales and marketing information, a tick box to opt out is no longer good enough. You must be totally honest about whether you’ll share that information with any other firms, and give people a really clear option to opt out. Many businesses may have to rethink how they currently communicate, becoming a lot more open and a lot less sneaky.
Individuals will be given much more control over their personal data under GDPR. They must have the ability to access their data at any point, as well as transfer it or delete it without any cost to themselves. GDPR affords individuals more power, including the ‘right to be forgotten’. So, if a customer asks you to remove their data from your files, this must be done within your physical records, online data, and cloud storage.
Data Protection Officer:
If your company is handling a large volume of data, a Data Protection Officer must be appointed. They must ensure that all data processing is compliant with the regulations and meets all requirements – more information on the role is here. They are also responsible for safeguarding the data and raising an alert if there is a breach (there are huge fines if this is not handled correctly!). It’s also important to remember that under GDPR, B2B data still counts as personal data.
Under GDPR, businesses will still be expected to follow the data regulations if they are processing the personal data of individuals from the EU, regardless of the company’s location. It will also apply to any business within the EU, whether the data processing takes place there or not. This is an important aspect for the leisure and hospitality sectors in particular, as their primary customers are not likely to be based in the same region – but either way, GDPR still applies.
Bearing these pointers in mind, here are some suggestions on how you can get your company GDPR ready:
1. Don’t put it off. It is mandatory to fully comply with the regulations of GDPR from its implementation on 25th May. If you don’t, you could face hefty penalties or prosecution.
2. Nominate a Data Protection Officer. If you aren’t in need of one, make sure to train all relevant staff on the regulations.
3. Conduct an audit on your current data processes. Make sure you fully understand what data you are collecting, where the data is coming from, how it is processed and where it is being shared/transferred.
4. Keep thorough records on all data processing and make sure they’re always up to date.
5. Update privacy notices for customers and consumers; they need to be fully accessible and written in clear, basic English.
6. Review your IT systems, ensuring that you have the correct technology to help you implement the regulations, such as being able to copy or delete data easily and store it securely (including in cloud storage).
7. Create a plan of action for a potential data breach; know who you must report it to and the deadline you must work to.
8. Stay informed. The Information Commissioner’s Office has a wealth of resources available on GDPR. Take a look here.
How Formedia can help you:
• We keep our servers secured and updated regularly through ongoing maintenance, which reduces the risk of data breaches.
• We also offer maintenance packages for the websites we create, so the security of your site won’t be compromised. This is particularly important due to the range of clients we work with and the potential personal data that may be handled.
• Formedia always gain full consent for any processing of data, and we are fully transparent on what we are collecting, rather than using only passive ‘opt-out’ boxes.
• We can guide you on how your internal and external communications, social media, competitions and marketing material get you the information you need, but stay fully compliant in the process!