If the answer is YES to any one of the below then email or call us for free advice.
Still unsure then call us anyway and if necessary we can then arrange for a chat and free consultation.
• Does the data you hold include basic identity information; name, address, ID numbers, social media details, medical information, biometric, racial, ethnic or financial data?
• Do you use personal data for communications and/or marketing?
• Are you a B2C provider?
Ensure that you comply and future proof your business.
The GDPR is a new set of rules that define how a company collects, stores and shares Data from and to EU Citizens. It is designed to ensure Companies take reasonable steps to protect Data or risk severe penalties - up to 4% of turnover.
All EU laws are being drafted into the UK's statute books before we leave, so any EU laws will become UK laws once we leave. Even if the UK change GDPR afterwards we will still need something very similar in place to ensure UK companies meet a minimum level of security.
Once GDPR is operational there will be nowhere to hide should you suffer a Data breach. By law all Data breaches must be reported to the certifying authority. Companies found to be non compliant can be punished via fines or worse.
If you store no Data then nothing. However if you maintain any kind of Data storage then GDPR is designed to ensure you've taken at least minimum steps to ensure the Data cannot be stolen or otherwise compromised. For any company that relies on stored Data then this isn't such a bad thing. Most companies that have recognised there is a real threat around internet based security will have most likely already reached some sort of level of compliance.
GDPR is designed to ensure your Data is protected and unusable to outside parties. In complying with GDPR you are protecting company assets and company IP, something that should be done anyway. In adopting GDPR additional systems and procedures may need to be put in place to ensure both yourself and your clients are adequatley protected.
This very much depends on the way you currently collect and store Data. A specific aim of GDPR is to protect clients' personal Data by pseudonymisation of any identifying Data fields. For example a clients name would be replaced with a unique number rendering the Data record less identifying. This process would be more applicable to large amounts of Data used for analytics though.