What is GDPR?
The EU's General Data Protection Regulation (GDPR) is the result of four years of work by the EU to bring data protection legislation into line with new, previously unforeseen ways that data is now used.
GDPR will change the way that data protection is viewed and dealt with in the UK, giving powers to impose fines as large as €20 million or 4% of global turnover. Many changes to current data protection legislation will be coming into force and, because this is a 'regulation', compliance will be mandatory by law for all companies who 'process' the personal data of any person in the EU.
When will the GDPR apply?
The GDPR will apply in all EU member states from 25 May 2018. Now, everybody in the UK will at this point be thinking "BREXIT". Brexit will have no bearing on the new legislation, because it applies to any company processing data about anybody within the union. In addition, there is also legislation going through in the UK under the Data Protection Bill (DPB), which will bring UK laws in line with the new GDPR legislation in most areas, while in some it actually takes things further.
Either way, GDPR is coming and it is here to stay. Businesses are going to have to change the way they interact with and process personal data, and this process cannot wait until 24 May 2018! All businesses need to be looking at the requirements now to get themselves compliant in preparation for the new laws taking effect.
How to prepare for GDPR
The short answer to how you prepare for GDPR is implementing "Appropriate Technical & Organisational Measures".
So what does that mean?
That means reviewing all technical and organisational areas of an organisation that involve the processing of personal data, including reviewing and/or creating new compliant policies, procedures and controls, as well as training all employees on any changes.
In addition to simply preparing your business and training your staff, it is a good idea to display your commitment to GDPR compliance to your customers, partners and suppliers, along with anybody that takes an active interest in your business, such as the ICO. Safonda can help here too. We offer differing standards to help you both track and prove your compliance, ranging from questionnaires and self-assessed standards to complete data processing audits.
Call us today to find out how we can help your business demonstrate GDPR compliance.