Thought GDPR only applied to big corporations? Then think again. The General Data Protection Regulation (GDPR) that came into effect on May 25, 2018, affects businesses of all sizes (including SMBs) right across the EU. It will continue to govern the way data is collected, stored and used even after Brexit, and just because the deadline has now passed doesn’t mean it can be forgotten about.
It represents a fundamental change from this point on.
If you collect personal data, you will have to abide by its rules. What’s more, if you fail to meet its stipulations, your company could face crippling financial penalties.
The aims of the GDPR
The new regulations are designed to give EU citizens much greater control over their personal data, and to encourage companies to take data collection and processing seriously. No longer the sole responsibility of the IT department, how personal data is gathered and stored should now be at the centre of all business operations.
Some important points to remember include:
- The GDPR will apply to organisations with fewer than 250 employees if their data processing could pose a risk to the rights of data subjects
- For UK firms, breaches in data security should be reported to the Information Commissioner’s Office within 72 hours (at the latest)
- EU citizens have much more control over the way their personal data is used – including the right to withdraw their consent and the ‘right to be forgotten’
Steps to ensure your company is GDPR compliant
- Audit your data
- Ensure data security
- Don’t suffer from compliance complacency
The first step your company should take to ensure compliance with the GDPR is to conduct a deep audit. Identify what personal data is held and where it is stored. This includes information kept on mobile devices and in the cloud.
Once you are armed with this knowledge – and you may be surprised at the amount of data you routinely collect – you will be much better placed to implement strategies around storage and handling.
An audit will also help you prepare for any ‘right to be forgotten’ requests. Knowing where data is stored and how to access it if a person asks to see it will be vital in keeping your business compliant.
If you back up data – and you really should – then make sure that all archives are safe and secure with the ability to retrieve information if needed.
Working with a third-party provider can certainly help to ease the burden. A note of caution, however: check that your outsourced IT provider is GDPR compliant too, and only trust an experienced team with your data security at its heart.
Remember that the GDPR is not going to go away. Do not fall into the trap that compliance began and ended on May 25 with the sending of an opt-in email to your customer list. Your data handling processes should be carefully and regularly monitored to ensure you continue to remain on the right side of the regulations.
At MSV Consultancy, we have been helping large and small businesses meet the requirements of the GDPR since the new legislation was announced. Talk to us about data security solutions, backups, data audits and more by contacting our expert team HERE.