With the new GDPR regulations set to take effect in May 2018, companies have less than half a year left to ensure that they are fully compliant. Businesses that fail to comply will face penalties, including very large financial ones. With the official date set for 25 May 2018, your business should plan for the regulations now and make the relevant changes.
What is the GDPR?
The GDPR (General Data Protection Regulation) is set to replace the Data Protection Act and governs how a business handles the personal data it uses, such as names, ages, addresses and more. The GDPR is similar to the Data Protection Act, but it is more up to date with current society: its definition of personal data also covers identifiers such as IP addresses and biometric data (e.g. fingerprints and facial recognition). The GDPR is being introduced to improve the systems within businesses and to give customers more protection over their personal data.
What should I consider before the introduction of the GDPR?
Before the GDPR takes effect in May 2018, it is important that a number of procedures are planned and implemented within your business so that you can show that it is fully compliant. Here are some tips that will help any business with compliance.
Comprehensive systems to locate information
A good quality management system is needed so that you can locate all relevant information whenever necessary. This applies regardless of whether your records are paper based or electronic.
Without a quality system, businesses may spend hours looking for information that they should be able to find quickly. This matters even more when individuals exercise their right to ask the business to remove their personal data. When an individual makes such a request, all of their data must be located and confidentially destroyed, which cannot be done efficiently without a good system in place.
Securely destroying confidential information
When individuals request that their information be destroyed, it is important that this process is completed quickly and professionally. Without a proper procedure in place there is a risk that the documents are not fully destroyed, which could lead to heavy penalties.
The privacy of documents
The GDPR is set to focus heavily on the privacy of documents and the information they contain. Considering the privacy of your documents is essential under the new rules, as is your overall handling of them. A paper based system carries a number of risks, such as losing documents. Transporting paper documents can also be difficult and potentially dangerous, and misplaced documents are a very real issue with paper based systems. Using a complete document scanning service, so that the documents are held in digital form, allows for easy and secure storage.
Managing retention periods
Retention periods are designed to protect important documents, particularly in industries where information cannot be destroyed until a certain amount of time has passed or where it will be needed at some point in the future (e.g. legal documents). Correctly managing the retention periods of business documents is vital, and it can also save the business time and money.
The GDPR introduces a number of penalties for businesses that are not fully compliant with the new rules. Businesses face consequences and penalties for breaches such as not providing access to information, incorrectly transferring data, breaching the rights of individuals and many more. Penalties include fines of up to 20 million euros or 4% of a company's turnover for the most serious issues, and up to 10 million euros or 2% of a company's turnover for less serious issues.