Right from the outset, the General Data Protection Regulation (GDPR) seems like an obvious one, but many organizations simply will not adequately plan for the GDPR changes, which come into force across the EU in May 2018.
“Just remember, this affects everyone from the large business right down to the sole trader,” says Gary David Smith, CEO and Co-founder, Prism Solutions (www.prism.uk.com).
“To get aligned with the new regulations, first start by creating a detailed review of the methods you have in place to protect your data. Remember, the hefty GDPR fines will be imposed in the event of a data breach.”
So is your business data secure? Are the files backed up regularly? Are you collecting too much data?
“In some cases, your tech partner will be able to bring your data into their ecosystem, therefore storing your data to the standards required in GDPR,” advises Smith.
“The GDPR fines are essentially in place to encourage organizations to review cyber defences and management of data. Each country in the EU will have a Data Protection Commissioner’s Office. In the UK, it is the Information Commissioner’s Office.
“It will be your responsibility to always notify the authorities whenever there is a data breach. Remember, you only have a 72-hour deadline to report a breach before incurring fines,” says Smith.
Incredibly, 74% of UK SMEs had a data breach in 2015. It can easily happen.
“The process for achieving compliance is a rather long and arduous one,” explains Smith. “As a result, you might need to prioritize just the actions that are the highest risk to your business if left unnoticed. Priorities will be different depending on the organization and sector.”
“Once you have planned, tested and prioritized for GDPR compliance, then it’s time to put everything into action. You are going to need to look at conducting training, audit programmes, drafting notices and data mapping exercises.”
For your business to be GDPR compliant, it is important that everyone in your team is heading in the same direction.
“Education, education, education is the key. Ensure that everyone knows what GDPR is, and particularly what the consequences are, and what policies they need to adopt to prevent falling foul of the regulation,” says Smith.
“Your staff, essentially, must understand why it is important to be GDPR compliant. If your organization requires one, you must hire a Data Protection Officer (DPO). Ensure that your DPO is a GDPR expert and give them all that they need to continually keep your organization compliant.
“We really are heading into a brave new world with GDPR. No one should put their head in the sand with this one,” warns Smith.