From 25 May 2018 the new General Data Protection Regulation (GDPR) comes into effect, and it is important that your business is prepared. Here are a few hints and tips on how to get ready:
First and foremost, let your colleagues know about the new regulation. The Information Commissioner's Office has published statistics showing that the vast majority of data breaches come about as a result of human error, so simply building awareness of cyber security and data protection issues achieves a great deal. Awareness, education and training are key.
Personal data audit
You need to know what personal data your business holds, where it came from, what permissions you have in place, how long you keep it, and with whom you share it, so a data audit may need to be undertaken and its results documented.
Review your privacy notices
Take a look at your current privacy notices too and check whether they need updating to meet the GDPR requirements: they must set out, in plain language, what you collect, why, on what lawful basis, how long you keep it and who you share it with.
The rights of individuals
Another important aspect of the GDPR is ensuring that individuals' rights are protected, so you will need to know how your business deletes personal data, how you handle requests for access to or correction of data, and in what format that data is provided.
Timescales for information requests
Hand in hand with how requests for data are handled are the timescales within which you must fulfil them: under the GDPR you will have one month, extendable by a further two months only where requests are complex or numerous and you have told the individual why. Should you decide to refuse a request you will need to explain your reasons, and tell the individual that they have the right to complain to the appropriate supervisory authority.
Processing data lawfully
The new regulation also requires that you identify, document, and explain in your privacy notice the lawful basis on which you process each category of personal data.
Issues around consent
Being GDPR ready also means reviewing how you obtain, record and manage consent for the data that you hold. Consent must be freely given, specific, informed and unambiguous, given by a clear positive action rather than a pre-ticked box, and it must be as easy to withdraw as it was to give.
Confirming a customer’s age
You may also need to put procedures in place to confirm a customer's age and to obtain consent from parents or guardians before processing data relating to children below the age of digital consent, which is 16 under the GDPR unless a member state sets a lower age.
Ensuring you hold the right data in the right way is just part of the regulation. In addition, you will need appropriate measures in place to identify, report and investigate a data breach should one occur, and notifiable breaches must be reported to the supervisory authority within 72 hours of becoming aware of them. At Bowe Digital, we can offer you proactive IT support, monitoring your IT equipment and servers to help protect your systems from data breaches.
Privacy from the start
Privacy and data protection cannot be an afterthought; they must be considered right from the start of a project so that you have 'privacy by design', which helps to mitigate risk and increase trust in your organisation. You will also have to conduct a 'data protection impact assessment' where your data processing is likely to be high risk.
You will also need a designated person who is responsible for data protection compliance within your business, whether a colleague or an external consultant. Appointing a formal Data Protection Officer is mandatory for public authorities and for organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of special categories of data; even where it is not mandatory, someone should own the role. Make sure they have the necessary knowledge, plus the support and authority within the business to make a difference.
Should your business operate across several EU member states, you will also need to confirm which data protection authority acts as your lead supervisory authority.
So there you have some hints and tips on how to ensure your business is GDPR ready. This list is not exhaustive, but more information is available from the Information Commissioner's Office, or contact our team today for assistance with your cyber security.