5 ways you can prepare your business for GDPR

Before discussing how you should prepare your business for GDPR, it is essential you understand exactly what GDPR is and what its consequences are. The UK currently relies on the Data Protection Act of 1998, but this is soon to be superseded by new legislation called GDPR, or the EU’s General Data Protection Regulation.

This new legislation gives people more say over what companies can do with their data and will introduce tougher fines for non-compliance. At the moment, companies like Facebook and Google swap access to people’s data for use of their services. This is partially because the current legislation was enacted before the internet created new ways of exploiting data.

The new legislation will apply from 25th May 2018, and although this may seem a long way off, it is imperative that companies start preparing straight away. This legislation is EU law, and the UK will adopt it while in the EU and mirror it once it leaves. How exactly can you prepare your business?

Educate yourself

The first step towards preparing your business for GDPR is educating yourself. You need to understand exactly what GDPR is and understand the risks involved in order to make the right changes. Yes, you are required to put new security features in place, but you also need to take the time to understand how hackers operate.

Educate the whole company

Everyone involved in a company should understand what GDPR is because the changes it requires companies to make will affect the whole company. Don’t just leave the job to the IT department, as educating the whole company will ensure the procedure is carried out properly. It needs to be a business-led change and the full support of the business is essential.

Adapt your privacy policy

Companies are now required to clearly inform their customers about what their data is being collected for in their privacy policy. The privacy policy should be clear and easily understood by customers. It needs to state exactly what information is being collected and what the information will be used for. Not only must you create the policy and stick to it, but you must also prove you are sticking to it.

Create an opt-in policy for data sharing

Currently, many companies use an opt-out policy for data sharing. Consent is assumed, and customers must specifically ask the data collectors not to share their data with third parties. When the new legislation comes into effect, the opposite will apply. Each customer will have to consent to their data being shared before the company can do so.

Prepare for assessments

This new legislation is not being taken lightly. This means that companies will most likely face assessments to ensure everyone is following the new legislation. Fixed penalties are likely to apply. Companies will be expected to understand and comply with the new legislation, so it is imperative that you educate yourself and prove that you are sticking to your updated privacy policy.

Finally, this new legislation has been created to ensure companies and their customers are better protected. It will ensure companies are better able to deal with any breaches in security, so it is in your best interest to comply with the new legislation.

Speak to a member of our team today for expert advice. We have over 30 years’ experience and are happy to help.
