The General Data Protection Regulation (GDPR) comes into force on 25th May 2018. The new law is designed to offer individuals greater protection in respect of their personal data whether as an employee, a customer, a supplier or a potential client.
Businesses will need to demonstrate that they have handled and protected personal data in a compliant fashion. Personal data is any information that enables you to identify a living individual. This can be a name, address, IP address or date of birth, as well as religious or political views.
What’s new under GDPR?
Under GDPR, people will have new rights to access any data which companies hold about them. Companies must obtain consent from people for the data they collect, and there will be a new level of fines for breaching the regulations. Greater accountability will be required for the processing of data.
The new law requires that you stop and consider:
- What data do you hold?
- What do you do with it?
- Who has access to it?
- How long do you keep it for?
- Do you have consent to hold it?
- Do you record the decisions you make in respect of it?
- Do you have a clear process to remove and destroy unnecessary data?
You now need to take responsibility for your data and begin to include privacy in your systems and processes as routine. To ensure you are fully compliant, it will be important to raise staff awareness across your business and educate staff on how to think about personal data and the decisions they take involving it.
Your clients will need to be instilled with the confidence that you can be trusted with their data. Therefore:
- Don’t take on data you don’t need
- Don’t keep it longer than you need
- Don’t use it for purposes other than what you have consent for
Finally, see GDPR as an exciting business opportunity to show how professional you are when it comes to customer / employee data and privacy. It could even be seen as a marketing opportunity for your business and another way to engage with your clients.
Please note: This article is a commentary on general principles and should not be interpreted as advice for your specific situation.