You cannot fail to have heard about the GDPR, which becomes enforceable next year, on 25th May 2018. There’s a lot to the GDPR, and there’s a lot of news and internet coverage being devoted to it. Not all of it is accurate. Here’s the lowdown on what you need to know right now.
What is it?
GDPR stands for General Data Protection Regulation. It is the successor to the existing Data Protection Act (Directive) which is over twenty years old.
Will it affect me?
Yes, if you store any personal details about staff or customers.
It’s an EU Regulation – surely Brexit means it doesn’t apply to us?
No, Brexit doesn’t change your need to be compliant with the Regulation.
I’ve heard you can be fined?
Non-compliance can be punished. For an Enterprise, there are around 16 requirements which, if not met, could lead to a fine of up to 20 million Euros or 4% of the previous financial year’s turnover, whichever is greater.
Sadly, no. But bear in mind that is the worst-case scenario for an Enterprise class company. Lesser infringements and smaller companies are likely to receive smaller penalties. But there are penalties, and they’re not kidding.
Can I cure this with IT?
Not by IT alone, no. There are articles within the Regulation which will require addressing through IT, that’s correct. But there are many business processes and work practices that will need to be put into place as well.
Where do I start?
One: If you haven’t already started to address the requirements of this new regulation, take a look at the ICO’s 12-step GDPR breakdown: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
That’s a good starting point to get you oriented with the GDPR.
Two: Talk to your IT service provider, and see how they can assist. They may have something already in hand for you. For example, at Pro-Networks we have provided our existing support customers with a GDPR Guidance Toolkit. This provides the necessary guidance and information to allow them to navigate the requirements of the GDPR and to ensure the appropriate steps are taken to make their business compliant.
Three: Don’t delay – this is a big topic and should not be underestimated. Start now.
I’m busy enough just running my business, I don’t have time for this…
If you engage with us and enlist the services of our accredited GDPR Compliance team, we’ll work with you and manage your transition towards compliance. Just visit us at www.pro-networks.co.uk