If you own a business and haven’t yet heard of the GDPR, then it’s time to do your research. The General Data Protection Regulation (GDPR) comes into force in May 2018, so there is now less than a year to prepare for the radical changes which are being rolled out. The GDPR will replace the current Data Protection Act (DPA) and the new legislation expands on the current approach to data compliance.
We can’t stress enough the importance of staying aware of changes to the data protection laws. The Data Protection Act has been in place since the 1990s, and with cybercrime becoming a growing global issue it makes sense to tighten regulations. There are some key changes in the GDPR which organisations need to prepare for; you may need to arrange meetings across departments including IT, marketing, HR and higher management to discuss GDPR compliance.
Companies and organisations will essentially become more accountable for the data they hold and process. The GDPR will affect organisations in different ways, so it’s important to understand the new regulation, but in general there are a few steps all businesses should take as a starting point to stay compliant.
Assess current personal data
The first step to compliance is documenting what personal information you hold, and making sure you have good reason to store that data. It’s important to understand where that information came from and who you share it with. For many companies it’s a good idea to conduct an information audit, and larger enterprises may wish to appoint a data protection officer.
Review consent
The GDPR is much clearer about how someone needs to give consent before you store or share their personal data. Review how you seek and record consent, and see if you need to make any changes. It’s not just about changing how you do things from the date the law comes into effect – you should also refresh the consent for all the data you currently hold.
Data breach prevention
If an organisation suffers a data breach, it is now required to notify the ICO and, in some cases, the individuals concerned. The GDPR is designed to make data security a top priority, so that businesses take more action to prevent breaches of personal information. It’s time to put special measures in place to keep hackers out, and to put policies in place to investigate and report data breaches.
Now is the time to review your data protection policies and step up efforts to avoid becoming a victim of cybercrime.