In January 2012, the European Commission proposed a comprehensive reform of data protection rules in the EU. The reform has two parts: the General Data Protection Regulation, which entered into force on 24th May 2016 and applies from 25th May 2018, and a separate Directive covering the police and criminal justice sector, which entered into force on 5th May 2016 and which EU Member States have to transpose into their national law by 6th May 2018.
General Data Protection Regulation (GDPR) is coming…
Don’t you just hate it when you think you’re on top of things then something comes along and throws a spanner in the works?
Like when you’ve encouraged all your customers to go to Azure and Office 365 and then Microsoft decides to increase its cloud prices by 20%. Or when Apple decides to kill off most of the ports you actually need on the new MacBook Pro. Or when you think your business is following all the data protection rules and then you find out it’s all about to change… No? Not familiar with that last one?
Well that is actually kind of what’s happening with data protection right now – the game is changing and a lot of businesses face being caught off guard.
At MirrorSphere, we’re getting prepared for the snappily titled ‘GDPR’ – and your business should be too – even if it does seem like one of those things you want to put off for as long as possible.
As ambassadors of robust data management, at MirrorSphere we are always striving to ensure data is safe, secure and protected, and right now data governance is more important than ever.
The General Data Protection Regulation is on its way and it’s not something you can ignore. The best way to avoid getting caught out is to act now and ensure your company is fully prepared when the regulation comes into effect in 2018.
5 Things You NEED to Know about GDPR
- Your company must be GDPR ready by 25th May 2018
- Someone within your business should oversee information governance, and if you are a public authority, or your core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data (such as health data), you must appoint a Data Protection Officer
- New products and services must be developed with privacy in mind, rather than as an afterthought
- Companies have 72 hours from becoming aware of a personal data breach to report it to the supervisory authority, unless the breach is unlikely to result in a risk to individuals
- Companies failing to comply with the General Data Protection Regulation can be sanctioned; the most serious infringements carry fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher
GDPR – a Summary
- GDPR stands for General Data Protection Regulation
- Its purpose is to protect the personal data of individuals in the EU
- It means companies have to be able to demonstrate that they are handling customers’ data lawfully and securely (the accountability principle)
- The EU General Data Protection Regulation comes into effect on 25th May 2018 – but businesses should have systems in place before then
- The new legislation was proposed by the European Commission and adopted by the European Parliament and the Council of the EU
- Any company failing to comply can be fined
- The EU General Data Protection Regulation is being introduced because research found that 90% of Europeans want the same data protection rights across the EU and 67% are concerned about a lack of control of the data they provide online.
What this actually means for you
It may seem like a minefield, but preparation is the key when it comes to implementing General Data Protection Regulation best practice and avoiding a hefty fine. Follow these key steps in advance of GDPR and you will be well placed.
Understand Your Data
Working out what personal data your company holds in applications and databases is essential. You will need to work out where it comes from, who can access it, who it is shared with, and whether you still have a purpose and a lawful basis for keeping it. This is where you need a robust data management system.
Make Staff Aware
There are key people within all organisations who need to learn about the implications of the General Data Protection Regulation. These include IT, HR, sales, marketing, R&D and also those involved in social media and data analytics. It may be a good idea to hold workshops, which serve to share knowledge but also allow staff to identify potential pitfalls so they can be pre-empted.
Know Your Customers’ Rights
Take time to evaluate the ways in which you obtain data, the lawful basis you rely on for each use, and how you allow people to withdraw consent or unsubscribe. A strong information governance system lets you keep anonymised information about customers for analysis without retaining their personal details. This may mean you have to review backup data as well as production data, since personal data that has been erased from production can linger in backups.
Everything your company does, in terms of collecting and storing personal data, now needs to be recorded in a register of processing activities that can be produced for the supervisory authority on request. Your business’s current privacy and data protection policies need to be reviewed and adapted for the EU General Data Protection Regulation, and all changes and processes should be documented and audited.
Put Someone in Charge
A Data Protection Officer is mandatory only for public authorities and for organisations whose core activities involve large-scale regular and systematic monitoring of individuals or large-scale processing of special categories of data. Even if your company falls outside those cases, it is recommended that you appoint someone to act in that role, someone who can oversee GDPR efforts and ensure compliance.
Prepare to Act Fast
Under the new regulation, a personal data breach must be reported to the supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals’ rights and freedoms. Where the breach is likely to result in a high risk to those rights and freedoms, the individuals affected must also be told without undue delay. Keep a record of every breach, including those you decide not to report, together with the reasoning behind that decision.