Now I know we’ve spoken to you about this before – several times! – but the new data protection reforms, or GDPR as we more familiarly know them, come into effect on 25th May 2018, and that’s less than three weeks away!
And non-compliance with these reforms could prove very costly indeed, with fines of up to £20M, or 4% of annual turnover, being issued to any company that flouts the law, whether intentionally or not.
Not GDPR Again?!
Now, as mentioned above, we have previously written about how to prepare for the changes in our blog post from February, Stop Panicking And Prepare. Here we are going to discuss the GDPR changes in a bit more detail, and what you can do to ensure you are fully compliant.
It is worth knowing that these changes are part of an EU directive and directly replace the Data Protection Act, which currently only applies in the UK. As a direct result of these changes and, importantly, of Article 17 of the General Data Protection Regulation, the ‘Right to Erasure’, any individual has the right to ‘be forgotten’.
The emphasis of these changes is very much centred on the rights of the individual, with the onus on organisations that store personal data to be significantly more accountable and transparent about what happens to this information.
Will GDPR Still Be Enforceable After Brexit?
In a word, Yes.
Compliance with this regulation is to protect EU citizens and applies to any organisation within the EU but, crucially, doesn’t stop there.
GDPR regulates everybody who deals with EU citizens. Globally, any organisation dealing with EU citizens and storing their data is subject to the regulations, and in this digital age, where technology is king, it could prove very costly to companies that are not clued up.
Hence, even the big American boys, such as Google and Facebook, are having to get themselves GDPR compliant, as you might have noticed by the sudden requests to review your data and privacy settings!
What Do People Really Think About GDPR?
A survey by Dell released in 2016, when the new regulations were announced, stated that a whopping 97% of companies did not have a plan in place for the new GDPR regulations, and that only 9% of I.T. professionals were confident their organisations would be ready in time.
You would hope, therefore, that almost two years later, and with deadline day looming, awareness would have improved considerably. However, as of March this year, 72% (almost three quarters!) of British adults had not heard about GDPR, according to a YouGov poll. Interestingly, over half (55%) are so used to their personal information being given away that they felt the trend was irreversible, and are resigned to the fact that they have to share their information in return for products and services.
So how can we rebuild the public’s trust in protecting their data?
Well, according to this article in Management Today, with over 6 million EU citizens working in data-related roles, and almost everything we do being in some way dependent on I.T., we need to be embracing these GDPR reforms in order to rebuild the public’s trust.
That’s why, here at Bandicoot, we take your privacy very seriously, and we offer tailored GDPR advice and support to help you do the same for your customers.
Is Your Business GDPR Compliant?
There are several key questions that you need to be asking yourself right now, and areas of your business that you need to be examining. For example, did you know that you must have a Data Protection Officer if you have more than 250 employees, and must carry out internal audits, reviews and staff training on the data privacy legislation? Also, amongst other regulations, you need to carry out Data Protection Impact Assessments, and you must have permission to collect and store personal data.
Another good idea is to do a review of your supply chain. Are your suppliers compliant? What plans and procedures have they put in place to meet the new demands?
Even if your company employs fewer than 250 people, you must put measures in place to be GDPR compliant. It’s easier to think about this positively than working out how to get around it!
Make a start with all your HR records, your customer records and your mailout lists. You need to get consent to hold this data. So much information now falls under the banner of ‘personal data’. Did you know that even an IP address falls into the personal data category?
And if you do hold data, you must only hold information you need for a specific purpose, and you must not hold on to it longer than necessary.
Is the info you do hold secure? Well, according to this article in Computer Weekly, now is the perfect time to review your I.T. security policies and update them to be GDPR compliant, and making good use of encryption reduces the risk of security breaches, negating the risk of hefty fines.
It’s also important to recognise that, if somebody requests to see the information you hold, you must meet this request. Subject Access Requests used to cost £10 per request; significantly, they will now be free, which could see an upsurge in requests when the GDPR regulations come into force.
Look To The Positives Of GDPR
Above all, shout about it to your customers. Give them confidence that you take their privacy seriously and that they are in control of their own data. After all, this is surely a great time to find out who your real customers are?!
Use this as an opportunity to reconnect with your customers. You need to get people’s consent to market your products and services directly to them, and you need to clearly offer the option to opt out, so engage in communication and get to know what it is your customers actually want, not what you think they want. Forget third-party data, forget cookies: there is so much more value in building your information on a true reflection of the customers you have actually engaged with!
Should I Be Worried About The New GDPR Regulations?
In truth, if you are already ethical about what you do with customer information, and if you are up to date with your DPA regulations, then stepping up to GDPR should not be too much of an issue. It’s worth getting to know the ICO and if you haven’t already done one, carry out an internal audit on the information you store as a matter of priority.
This should cover your information security, records management, data sharing and, if you have it, CCTV. You also need to work out whether you are a processor, a controller or both when it comes to storing data.
But don’t worry: talk to us and we will guide you through it, so that when 25th May arrives, you will have seamlessly stepped up to the GDPR benchmark!
Contact Bandicoot To Talk To Us About GDPR
We’ve been working on this for some time, which is why the team at Bandicoot are all pretty much GDPR experts by now. Whatever your GDPR and IT issues or questions are, we can help you find the best, cheapest and quickest solutions.