How will GDPR affect your business?

The EU’s General Data Protection Regulation, commonly known as GDPR, came about after years of work by the EU to bring the old Data Protection Act up to date.

Most businesses will be aware of it, but not necessarily understand what they need to do to comply.

But what exactly is GDPR, and how might it affect your business?

With the regulations coming into force on 25th May 2018, companies must comply by that date, or potentially face large fines.

Why is GDPR happening?

Since the Data Protection Act was originally introduced in 1995, the amount of data which companies hold on individuals has grown rapidly. With data breaches still regularly making the news, many UK consumers feel that GDPR is long overdue.

The GDPR introduces larger fines for non-compliance, and gives some power back to consumers in terms of what data companies can store, and what they can do with it. The regulation is EU wide, so the rules should apply to all companies within member states.

What are the ins and outs of GDPR?

The regulation has two main objectives:

1. To give consumers back control of their personal data
2. To simplify the regulations around how data is stored and used

Key details include

• Companies must ensure data is processed “lawfully, transparently, and for a specific purpose”. Following that, it should be deleted entirely.
• Consent to use of data must be sought by an “active, affirmative action”. That means no more pre-ticked boxes, or “opt-ing out”. Crucially, a record must also be kept of this consent.
• Companies must report data breaches immediately (within 24-72hrs) to the relevant authorities such as the Internet Information Commissioner’s Office.
• Individuals have more rights around how their data is used, including the “right to be forgotten”. This means an individual can opt to have their data removed in its entirety at any time.
• Failure to comply with the regulation can now lead to fines of up to €20 million, or 4% of annual turnover (whichever is greater). This is a vast increase from the current £500,000 maximum under the Data Protection Act.

How will GDPR affect my business?

If your business holds any data on anyone in the EU, it must comply with the GDPR. We’ve put together a quick checklist of things to help assist you in the compliance process:

• Know the data your business holds, inside and out. 

GDPR might represent a great time to review the data you hold on your customers, and how it is used. Check your data policies and guidelines, and review exactly what data your business holds on individuals, how long it is retained, and what it is used for. If anything seems extraneous, out of date, or is no longer used, consider removing it.

• Check your data gathering methods

Is your method of gaining consent compliant with GDPR, or do you use something like a deceptive opt-out checkbox? If consent isn’t explicitly being gathered from customers, you shouldn’t be gathering it.

• Ensure employees are up to speed

Complying with GDPR will be much easier if all departments are on board. Ensuring teams are knowledgeable about GDPR, and how it affects their specific job role, will save money in the long run.

• Get prepared

With shorter timeframes for reporting breaches, ensure plans are in place if a breach does occur, and know specifically how your business will deal with it. Also ensure that any website changes, or changes in print documents are made well in advance of the 25th May 2018 date.

While GDPR might seem complicated and just another “thing to do”, it represents a chance for businesses to review their policies, and make their marketing efforts better for customers who do wish to receive information from the company. Businesses which are seen to comply with GDPR may gain additional trust from customers, in the knowledge that their data is safe.

What about Brexit?

The UK minister responsible for GDPR said the UK will mirror the legislation in the UK, even after the country leaves the EU. Compliance is further dictated by the fact that the directive extends to any business handling EU data, whether in the EU or not. As Brexit pans out, this may however, become more convoluted…

We can help

We provide business systems and digital solutions which can aid your business in becoming compliant with GDPR. Why not get in touch and we’ll see how we can help.