GDPR – you may have heard of it but equally you may not have. What is GDPR? When does GDPR come into force? Why is GDPR being introduced? All valid questions and all questions we will address through the course of this article. If you already have a good understanding of what GDPR is, this article may not be right for you.
Firstly, what is it? GDPR stands for General Data Protection Regulation. It’s an EU regulation that is intended to give more transparency about where your data goes, where it is held and why it is being captured. Long gone are the privacy policies of old too. You’re expected to be clear as to why you’re collecting the data and for what purpose when first asking for it.
GDPR is the successor to the well-known and long-established Data Protection Act 1998. Cloud services and the exponential growth of the internet mean the Data Protection Act is long behind the times. GDPR is much tougher on any non-compliance or data breaches that occur too. Higher monetary penalties are the biggest concern to companies; recent data breach incidents by names such as Wonga (2017), Tesco Bank (2016) and Talk Talk (2015) would be fined far more under GDPR.
The new regulation comes into force on May 25, 2018 and applies to all EU member states, and because it’s a regulation – not a directive – the UK doesn’t need to create any legislation. All organisations – including yours – must be compliant by May 25, 2018. No exceptions! Only six months ago, Dell reported that 97% of companies do not have a plan to be ready.
We advise appointing a specific person within your company to oversee creating your GDPR policy. Chunking your approach will make creating the policy less daunting. The best example we’ve seen of this chunking approach comes from Jason Hart, CTO at Gemalto.
- Technology – get to know the types you have access to and use to interact with/handle/store your data
- People – get to know the “personas” of people who have access to or interact with your data
- Process – get to know which processes connect the technology and the people together
Get under the skin of these three topics to understand who has access to your data, how it’s processed and, ultimately, where it finally rests. We thoroughly recommend watching the full webinar, because Jason goes into much more detail there on his points above.
Whilst data protection may not be at the top of the priority list for every business, with the new regulation just around the corner, it definitely has to be. If you want help in preparing for GDPR, contact us today. Our team can make your approach to data protection changes clearer and less stressful.