Yup, four letters you're probably sick of hearing about, but we're going to throw our hat in the ring as well. The important thing to realise with GDPR is that it's built around common sense, despite the scare tactics that are going around at the moment.
The fines, the FINES!!
Yes, there are fines, and the maximum fine can be huge - 4% of global turnover or €20m, whichever is higher. BUT - we can only see that being the case if you're completely reckless with personal data. If you can show that you've taken appropriate steps to protect data, then we would take the view that the ICO would rather learn what steps can be taken in the future than impose the maximum fine (that's not to say you won't be fined some amount if you're found to be lacking in some way).
Fail to prepare, prepare to fail
The implementation date is 25th May 2018. Let's be honest - if you have been adhering to current data protection standards, you're most of the way there - it's just a case of tidying up a few extra pieces to dot the i's and cross the t's and now is the time to do it. If you've done nothing at all, then it's definitely time to look at getting everything into proper order.
So what should I do? 8 steps to take now
- Raise awareness within the business
Anyone that deals with personal data within your business (and let’s face it, that is most of us) needs to be aware of the new guidelines. From next year, consumers will have far more rights over the data you hold on them and will be able to request access to their information or ask for it to be removed. Set up the right processes and training so you can respond to queries and demonstrate compliance in a timely way.
- Check what personal data you have
Do an audit of the personal data you have and where you are holding that information. Where did you get the information from? Cleanse your data and if you don’t need it, get rid of it.
- Update and review privacy notices, procedures and processes
Ensure that privacy notices are up to date on your website and within the marketing communications you send out, with clear opt-out clauses as standard. Ensure that a clear opt-in notice is present whenever personal data is being submitted. Review the consent(s) you already have to process that person’s data and act accordingly.
- Ensure everyone plays their part in keeping data secure and private - ‘think onions!!’
Ensure any staff that come into contact with data are keeping information stored in a safe place. Data IS your business, so there has never been a more important time to ensure it is protected, specifically information that can be used to personally identify someone. We like to use the onion analogy... (your data being the core and the many layers surrounding it your protection – a minimum of 14, or more!). For maximum security make sure you have the following layers in place: Encryption, Authentication, Systems Management, Anti-Malware, Breach Protection, Monitoring, Patching, Backups, Network Segmentation, Firewalls, IDS/IPS, DNS Filtering, Logging and Reporting. You can add extra layers, whether it’s an organisational process/procedure or physical security, for example.
- Backup your data and use secure passwords
Do you know when you last backed up your data? Can you restore that data effectively? Data loss is also covered by the GDPR, so test those backups! Also, ensure you are using secure passwords and don’t share accounts.
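"Test those backups" is easy to say and easy to forget. The script below is an added example, not Red Maple's code or part of the GDPR Portal: it checks that a backup archive is fresh and that it actually restores to a byte-for-byte copy of the source. It assumes the backup is a .tar.gz created with `tar -czf backup.tar.gz -C <source_dir> .` and that the source directory is still available to compare against; the "customer records" directory at the bottom is constructed sample data.

```sh
#!/bin/sh
# Added example (not Red Maple's code): a minimal "test your backups" check.
# Assumption: the backup is a .tar.gz made with `tar -czf backup.tar.gz -C <src> .`

# Age of a file in whole days, derived from its modification time
# (GNU stat first, BSD/macOS stat as the fallback).
backup_age_days() {
  now=$(date +%s)
  mtime=$(stat -c %Y "$1" 2>/dev/null || stat -f %m "$1")
  echo $(( (now - mtime) / 86400 ))
}

# Return 0 only if the archive unpacks cleanly into a scratch directory and its
# contents match the source directory byte for byte; the scratch directory is
# removed either way, so nothing restored is left lying around.
restore_matches_source() {
  src=$1; archive=$2
  scratch=$(mktemp -d) || return 1
  if tar -xzf "$archive" -C "$scratch" 2>/dev/null && diff -r "$src" "$scratch" >/dev/null 2>&1; then
    rm -rf "$scratch"; return 0
  fi
  rm -rf "$scratch"; return 1
}

# Combined check: the backup must exist, be no older than max_age days, AND be
# restorable. Prints the reason for any failure so it can go straight into a log.
check_backup() {
  src=$1; archive=$2; max_age=$3
  [ -f "$archive" ] || { echo "FAIL: $archive missing"; return 1; }
  age=$(backup_age_days "$archive")
  [ "$age" -le "$max_age" ] || { echo "FAIL: backup is $age days old (limit $max_age)"; return 1; }
  restore_matches_source "$src" "$archive" || { echo "FAIL: restore does not match source"; return 1; }
  echo "OK: backup is $age days old and restores correctly"
}

# Demo on constructed sample data: a tiny "customer records" directory.
demo_dir=$(mktemp -d)
mkdir -p "$demo_dir/src"
printf 'id,name\n1,Sample Customer\n' > "$demo_dir/src/customers.csv"
tar -czf "$demo_dir/backup.tar.gz" -C "$demo_dir/src" .
check_backup "$demo_dir/src" "$demo_dir/backup.tar.gz" 7
# Simulate a damaged copy (truncated archive): the check must report a failure.
head -c 20 "$demo_dir/backup.tar.gz" > "$demo_dir/damaged.tar.gz"
check_backup "$demo_dir/src" "$demo_dir/damaged.tar.gz" 7 || true
rm -rf "$demo_dir"
```

Run it from cron against your real source directory and most recent archive, with the age limit set to your backup schedule; a non-zero exit (or a FAIL line in the log) is the signal that the backup you are relying on would not get you back in business.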
- Invest in cost effective software such as the GDPR Portal to help you manage your compliance
This simple and cost-effective application has the tools your organisation needs to manage the process for you and keep you on track with compliance. For more information about the benefits of the portal, contact the Red Maple team.
- Read the ICO's guidance on other steps you can take now
Read their "12 steps to take now" in addition to the steps mentioned here.
- Sign up to our GDPR event in April
To find out more about the above steps we will be holding a GDPR seminar at Vallum Farm in April 2018. To register your interest email: firstname.lastname@example.org
For support and advice on GDPR or anything IT, contact Mike Proud, CEO, Red Maple on 0333 323 8100 email: email@example.com or visit: www.red-maple.co.uk