On May 25, 2018, the General Data Protection Regulation – or GDPR – comes into effect. It applies to businesses anywhere in the world that process the personal data of individuals in the EU, and those businesses must meet the new requirements or face substantial penalties. Ensuring that your organisation is fully prepared for the change in legislation is therefore of the utmost importance, and understanding precisely how the changes affect you is the key to implementing them with the minimum of disruption.
To find out if your business is prepared for the introduction of GDPR, it’s important to understand exactly what the legislation requires.
What is GDPR?
The General Data Protection Regulation represents the biggest change to data protection since the 1995 Data Protection Directive (implemented in the UK by the Data Protection Act 1998), updating the rules for handling personal data to reflect the changes in how information is now collected and processed. The GDPR strengthens the protection of personal data relating to individuals in the EU, placing greater responsibility on organisations to keep that data secure and to be able to show that it is not being misused or exposed through data breaches.
To achieve full compliance, and to be confident that your business is prepared for GDPR, take early steps to review and update your policies for collecting, storing and processing personal data. Reviews and audits of this kind can be time and labour intensive, so beginning the review of your policies and processes today should be a high priority.
Learn more about GDPR with this guide from THP Chartered Accountants.
What changes do I need to be aware of?
The scope of the change may appear daunting, but in practice the key concerns are how personal data has been collected and how securely it is stored. The GDPR's accountability principle requires you not only to comply but to be able to demonstrate compliance: keeping an accurate record of what personal data you hold and how, where and when individuals supplied it forms a major part of the regulation. Putting in place a clear, documented process for demonstrating compliance is therefore vital.
In practice this means keeping an audit trail of data collection, for example by saving copies of the contact forms and consent wording users were shown (screenshots are one way to capture this) and recording when and how each person submitted their details. Where consent is the basis for processing, you are also required to show that valid consent was given. As a practical example, this affects marketing campaigns that have traditionally relied on pre-ticked boxes to infer acceptance: under the GDPR consent must be a clear affirmative action, so pre-ticked boxes and silence do not count, and it is your responsibility to show that the user actively opted in.
A further change relates to personal data breaches. If a breach occurs, you must notify the relevant supervisory authority (in the UK, the Information Commissioner's Office) within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the individuals concerned; where it is likely to result in a high risk to them, the affected individuals must also be informed without undue delay. The notification must describe the nature of the breach, the categories and approximate numbers of individuals and records involved, its likely consequences, and the measures the business has taken or intends to take to contain it and mitigate its effects. If full details are not available within 72 hours they may be supplied in phases, but the initial notification should not be delayed while they are gathered.
What are the risks of non-compliance?
Failure to comply with the regulation is a risk that no business should take. The penalties are severe: fines of up to €20 million or 4% of your organisation's total worldwide annual turnover for the preceding financial year, whichever is higher. A serious infringement could therefore compromise the very future of your business.
How should I prepare for GDPR?
Working with objective, third-party data protection specialists (and, where the regulation requires it or you choose to appoint one, a data protection officer) will help you take all the necessary steps to meet the new requirements. Take the time early on to conduct a full review of your current processing activity and communicate with every department that handles personal data, so that staff are trained and aware of their responsibilities in data management. For further help on GDPR speak with North East London Accountants – THP Chartered Accountants.