What is GDPR?
We’ve all heard the term GDPR being thrown around, but do you understand what it is and what it actually entails?
GDPR stands for General Data Protection Regulation. It was introduced to unify all EU member states’ approaches to data regulation. By doing this, all countries within the EU will have an identical set of data protection laws.
The regulation is designed to protect all EU citizens by putting them in charge of the information they share, where it’s shared and how it’s shared. GDPR is due to come into force on the 25th May. The UK is due to leave Europe within the next 12 months; however, it will still apply to all businesses that handle EU citizens’ data.
Complying With GDPR
Complying with GDPR can seem a daunting task, especially if you haven’t already started. Don’t start panicking though, we’ve come up with 5 pointers to help ensure that your company is GDPR compliant.
- Access – Firstly, you need to access all of your current data. No matter what technology you use or where you might be storing it, you need to access all of it. Knowing where all data is and how it’s being stored can help you to understand the data landscape you’re working with. Building a full inventory of data means you can assess the current privacy and chance of exposure and enforce the new rules before they come into play. GDPR requires you to know where all data is and isn’t being stored.
- Identify – When you have accessed all of the personal data you hold, you can start to plan what you need to do to control it. Personal data can be things such as names, email addresses, phone numbers and a number of other things. Once you have this data you’ll need to categorise it, so that individual data elements can be accessed. It’s likely you’ll be handling a lot of data, so using a system or software will help to make the process run more smoothly.
- Govern – Once you understand the types of personal data you hold, you then need to share this information across your business. To comply with GDPR, all privacy rules need to be documented and shared across all lines of the business. Data should only ever be accessed by people with the right permission and for the right purpose. By linking your business terms with physical data sources, you can create the right data system that will provide you with the required level of control.
- Protect – As soon as you’ve established a personal data inventory and the right governance is in place, you then need to protect it. To comply with GDPR you can use any of the following techniques: encryption, pseudonymisation or anonymisation. Rather than storing personal data that isn’t actually needed, the easiest way is to delete it. Only keep the data you need to run your business.
- Audit – The final step is auditing; this means you’ll need to produce clear reports that show regulators how you manage and protect data. Your audit should show what data you have and where it’s located, that the correct process is in place for managing consent, that you can prove how personal data is used, who uses it and the purpose it’s used for, and finally that you have the right systems in place to handle the right to be forgotten and data breaches.
GDPR Compliance Doesn’t Apply To Me
Really? Most businesses, of all shapes and sizes, will handle some form of personal data. Don’t think that just because you’re a small business you don’t need to comply; all businesses that handle data must follow the new regulation. Failure to comply could lead to a company being hit with a fine of €20 million or four per cent of their global annual turnover.