If you run a business, you are more than likely dealing with some sort of personal data. The way you need to handle this data is changing with the introduction of the General Data Protection Regulation (GDPR), which comes into force on 25 May 2018.
These new regulations affect businesses of every size and sector, so there are things you need to do to get your business ready. Under the new powers, fines of up to 4% of global turnover, or £17m, could be levied on non-compliant organisations, so we’re encouraging all smaller businesses, and our members, to be prepared.
What your business will be required to do:
- Keep thorough records of how and when an individual gives consent to store and use their personal data. Not in the form of a tick-box, but a very transparent audit of consent.
- Document what information is held, along with evidence of where it came from and who it has been shared with. If you have inaccurate data and have shared that with another organisation, it’s your responsibility to pass that message on, so accurate updates can be made.
- Check that your processes are set up to delete or provide personal data upon request. There are several ‘rights’ that the GDPR considers:
  - The right to be informed and have access to the data held
  - The right to have erroneous data corrected
  - The right to request that data be deleted
  - The right to data portability – an ability for consumers to obtain and reuse their personal data across different services
  - The right to object to data being processed in specific ways, including automated decision making
- Ensure that you have the right protection in place to detect, report and investigate a personal data breach.
These are just a few of the measures included in the new regulations – all of which you will need to comply with. Why not check out this 12-point checklist, courtesy of the FSB, which outlines some of the changes and the steps you can take to prepare for them?