You should know by now that the rules are changing under the General Data Protection Regulation (GDPR) to protect the data of EU citizens, but are you ready?
All organisations were given a two-year period to make sure they were compliant, but that comes to an end on 25th May 2018.
If, like many other businesses, you have kept putting things off, here’s some help to make sure you’re ready when the time comes. If you don’t comply, you could be fined as much as 4% of your global annual turnover.
Elizabeth Denham, the UK’s information commissioner, who is in charge of data protection enforcement, said: “The General Data Protection Regulation (GDPR) is the biggest change to data protection law in a generation.
“If your business isn’t prepared, you’re leaving yourself open to enforcement action that can damage both your public reputation and bank balance.”
New research by international law firm Paul Hastings has found that over half of companies across the UK and US will not be ready for the new regulations, so they had better get a move on, because not being ready is no excuse.
Awareness is, though, and showing that you are moving in the right direction, even if you’re not quite there, will result in some leniency being shown.
5 tips to make sure you’re prepared
You might know about GDPR but does everyone in the business who needs to?
Make sure everyone knows what is on the horizon and what the impact will be on the business.
What do you know?
When it comes to other people’s data, you really need to know what you hold, how you got it and who you share it with. Having the answers now means you would be ready for any information audit that you might need to do.
2017 was a bad year when it came to data breaches, and the court case in December, which saw Morrisons found to be liable for a staff detail breach, means the future could be very different, so you need to make sure you have the right procedures in place.
Now is the time to check yours and ensure they cover everyone’s rights as well as how you would go about deleting personal data and how you provide data electronically.
Under GDPR you need to make sure everyone knows exactly where they stand, so review all of your current privacy notices to make sure they meet the new regulations. If they don’t, make sure you do something about it as soon as possible.
What to do if you’re breached
In an ideal world, all of your cybersecurity efforts will prevent a data breach, but as there is never a guarantee, making sure you have the procedures in place is vital.
So have plans to detect, report and respond to a data breach to help minimise the disruption and effect.
Finally, make sure you or a designated data protection officer has familiarised themselves with all of the legislation so you know exactly what to expect.