It feels like we’ve been talking about it forever, but all of a sudden, GDPR is just around the corner. And with 25th May now less than a month away, if you haven’t already, you need to get your data in order - sharpish.
Need a recap of what GDPR means for your business? Then read on...
The General Data Protection Regulation (GDPR) is the biggest change to data protection rules for over 20 years, replacing previous legislation that had been in place since the 1990s. The new regs are designed to give consumers much greater control over their data, while putting the onus on businesses to keep this information safe and respect the data privacy of their customers.
The UK’s Information Commissioner, Elizabeth Denham, has said that the GDPR is an “evolution, not a revolution”, so if you’re already compliant with the UK’s Data Protection Regulations, you should already be in good shape.
Having said that, there are some notable changes, particularly the shift from the allowance of "opt out" consent to the requirement for consent to be explicitly "opt in." For most businesses that means your customers must read and proactively tick the box that says they want to be on your database. Otherwise they need to come off.
Customers will also have greater powers to access their data and you need to start documenting what you’re doing to protect it, for example with data protection policies, impact assessments and other processes.
And bear in mind that fines for noncompliance will be going up, to a maximum of €20m or 4% of annual turnover. However, the ICO has said it will act lightly towards businesses who can show a clear and organised approach to how they secure their data and how they respond to potential issues, particularly in the first 72 hours.
The UK is already one of the countries with the greatest enforcement of data protection rules and this is likely to continue once the GDPR has been introduced.
All individuals and businesses that process or store personal or sensitive data must abide by the rules – that includes startups, small businesses, freelancers and the self-employed.
By personal data, the regulations mean any information that can be used to identify a person, such as their name, email address, IP address, and so on. Sensitive information could be details such as genetic data, sexual orientation, religion or political views.
With just weeks to go, here are our top tips to ensure you’re ready to comply on the 25th May:
Looking for more detail? Then take a look at our guide on everything you need to know about the GDPR.
And don't forget, if you do find yourself in hot water, cyber liability insurance can protect you for a breach of data protection laws (where insurable by law) and your liability for handling data. It can also provide cover for extortion, system rectification costs, plus PR expenses and financial loss due to system downtime.
To find out more, drop us a line at firstname.lastname@example.org, or give us a call on 0333 772 0759.