“People to have more control over their personal data and be better protected in the digital age” under new measures announced by Digital Minister Matt Hancock.
GDPR (General Data Protection Regulation) is big news in the UK and Europe right now. But what is it and how does it affect you?
We’re all busy, so, using the UK government’s guidelines, we have put together the bare bones of GDPR and what you need to have in place to ensure you don’t fall foul of the new laws. Fines for non-compliance can be as high as €20M or 4% of annual revenue. GDPR is also still relevant despite Brexit: it is a UK government-backed regulation, and compliance is vital, particularly if your business operates outside of the UK. Laws aside, GDPR compliance is excellent business practice.
Most importantly, demonstrating a commitment to client confidentiality is absolutely essential to any business. The real and potential danger of non-compliance is far more significant if you think in terms of a known breach damaging your reputation and the potential loss of business that goes with it.
Where is your company’s data?
Understand what data you store and where it is located. This extends to any contact information you hold on anyone, anywhere in your business from central servers to databases on individual computers.
Make sure the data you hold is compliant
This means making sure that the data you hold falls within all of the government guidelines for GDPR and data collection, and that you have gained permission to keep this information. Permission must have come directly from everyone on any list you maintain.
Secure your data
It is vital that you have taken steps to prevent the data being breached, lost or damaged. This is probably one of the most important areas of GDPR and is intended to prevent the careless leakage of people’s personal information.
As part of a GDPR check, you will need to show how you manage your data with all of the relevant audit trails and monitors in place.