The General Data Protection Regulation (GDPR) will be enforced across Europe on the 25th May 2018, replacing the Data Protection Act 1988. GDPR will apply to any business that processes the personal data of EU citizens. There has been a lot of speculation surrounding GDPR, and it has been a hot topic on the internet recently, with good reason!
All companies will have to comply with the new regulations regarding the secure collection, storage and usage of personal information. Violations will be met with hefty fines of up to 20 million euros or 4 per cent of annual turnover, whichever is higher. Businesses are in a panic and unsure how they should prepare for this change.
However, all is not lost. Stay calm and get compliant with these three steps: Understand, Inform and Implement.
- Understand what information is being collected, how it’s being collected, processed and stored, and the purpose of the information (what is going to be done with it afterwards).
- Inform people exactly what information is being collected and what will be done with it.
- Implement systems (digital reports) that allow people to access, edit and delete their information.
So, don’t read the scaremongering headlines. Instead, review and update your processes, procedures and policies, and put clients’ rights at the heart of your data strategy.
Thank you for taking the time to read this blog.