The new General Data Protection Regulation (GDPR) is set to come into effect on 25th May 2018, at which time those organisations in non-compliance may face heavy fines.
What is the GDPR?
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy. With the augmented growth of the digital economy and the way in which information is collected and used, it is now more important than ever to have clear and vigorous policies on data protection.
The new regulation places an emphasis on accountability and transparency and requires businesses of all sizes to safeguard the collection, storage, and usage of personal data.
What information does the GDRP apply to?
The GDPR applies to both electronic and manual filing systems where personal data is accessible according to specific criteria.
The GDPR specifies that any personal data must be:
- Processed lawfully and fairly in a transparent manner
- Collected for legitimate purposes
- Adequate and relevant to what is necessary
- Kept up-to-date or erased or rectified without delay
- Processed in a secure manner and against accidental loss, destruction or damage
The controller is responsible for, and must be able to demonstrate compliance with the above principles.
So how can you get your business prepared?
- Make sure staff members are aware and provide ongoing training ie: staff training, internal audits and reviews of HR policies
- Create an audit trail
- Identify the lawful basis for your data processing activity
- Review and reclassify the personal data your business holds and who you share it with
- Review company procedures relating to consent
- Use apps such as G-Suite, Receipt Bank who comply with the regulations and keep your data safe