As of May 25th 2018, businesses and organisations in the UK will have to comply with the General Data Protection Regulation (GDPR), so how can they prepare for these changes?
Earlier this year, the European parliament approved the General Data Protection Regulation (GDPR). This will mean that every country within the European Union (EU) will have to be compliant - including the UK. While Britain has negotiated a number of exceptions to the GDPR, businesses in the country must still prepare for the upcoming regulations that will take effect as of May 25th 2018.
With less than a year before companies will have to enforce the GDPR, it is crucial that they start preparing now, using the remaining months to check whether their current data processing and data protection policies are compliant with the upcoming regulation.
Businesses must be aware of several key changes between the current Data Protection Act 1998 and the GDPR. Here we take a look at four ways your business can prepare for the new regulation, to avoid any potential damage once the GDPR is enforced.
It would be useful for any business to check its current policies and guidelines surrounding data protection, specifically the legal basis on which you use personal data. While currently you may not need a person's approval to store data on them, this may change as of next year.
If you need the individual’s approval to store this information and you don’t have their consent, this could cause problems for your business. If you do have their consent, you must ensure that the information regarding the process is clear and understandable. The GDPR states that all information must be offered in clear and simple language.
Should your business experience any privacy violations, you must be prepared to deal with them. You can do this by setting clear guidelines and providing employees with a procedure to follow so that data breaches are responded to quickly and effectively.
In addition to this, you should also establish a framework for accountability so that you have a clear policy that proves you meet the necessary GDPR standards. By creating a culture of monitoring, inspection and review around your data processing procedures, your business will be safe from data breaches.
Put yourself in the shoes of your customers, clients or any individuals who may exercise their rights under the GDPR. With the new regulation they have the right to be forgotten, to have data deleted and to have data moved elsewhere.
This means that if you’re storing data, you must check the legalities of storing personal information under the GDPR. If you are a data provider, there are some obligations that you must understand and integrate into your policies, procedures and contracts. The documentation you have may already be sufficient, but if not, consider the additional cost of the services required by the new rules.
Businesses must understand cross-border transfers, as a failure to do this under the GDPR could cost your company big time, resulting in a fine of four per cent of the business's global turnover.
Your company must ensure that all international data transfers (including intra-group transfers) have a legal basis for transferring personal data to a country that may not have sufficient data protection regulations.
If you think your business could do with an introduction to the GDPR then sign up to our free online GDPR overview today.