GDPR (the General Data Protection Regulation) was adopted by the European Parliament and the European Council on April 27th, 2016. It will be applicable as of May 25th, 2018 and replaces the Data Protection Directive. It will also be written into the UK statute books post-Brexit; although it may be changed in some form, the core legal responsibility for data and cyber security will remain in place.
The final text of GDPR can be viewed here but the main points are below.
Do I need to comply?
If the answer is YES to any one of the points below, then email or call us for free advice. Still unsure? Call us anyway and we can advise you. We can then arrange a chat and a free on-site consultation.
Does the data you use or hold include basic identity information, such as name, address, ID numbers, social media details, medical information, or biometric, religious, racial, ethnic or financial data?
Do you use personal data for communications and/or marketing?
Are you a B2C provider?
Ensure you comply and future-proof your business.
What is the GDPR
The GDPR is a new set of rules that define how a company collects, stores and shares Data about EU citizens. It is designed to ensure companies take reasonable steps to protect Data or risk severe penalties - up to 4% of turnover.
What happens if we don't comply
Once GDPR is operational there will be nowhere to hide should you suffer a Data breach. By law all Data breaches must be reported to the certifying authority. Companies found to be non-compliant can be punished via fines or worse.
We're leaving the EU - why does it matter
All EU laws are being drafted into the UK's statute books before we leave, so any EU laws will be UK laws once we leave. Even if the UK changes GDPR afterwards, we will still need something very similar in place to ensure UK companies meet a minimum level of security.
What does GDPR mean for UK businesses
If you store no Data then nothing. However, if you maintain any kind of Data storage then GDPR is designed to ensure you've taken at least the minimum steps to ensure the Data cannot be stolen or otherwise compromised. For any company that relies on Data this isn't a bad thing anyway. Most companies that have recognised the real threat posed by internet-based attacks will most likely have reached some level of compliance already.
Does GDPR ensure I have Data Protection in place
GDPR is designed to ensure your Data is protected and unusable to outside parties. In complying with GDPR you are protecting company assets and company IP, something that should be done anyway. In adopting GDPR, additional systems and procedures may need to be put in place to ensure both you and your clients are adequately protected.
Do I have to change the way I collect and store Data
This very much depends on the way you currently collect and store Data. A specific aim of GDPR is to protect clients' personal Data by pseudonymisation of any identifying Data fields. For example, a client's name would be replaced with a unique number, rendering the Data record less identifying. This process would be more applicable to large amounts of Data used for analytics, though.
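As an added illustration of the pseudonymisation described above (example code, not part of the original page or any consultancy tooling), the snippet below replaces the name field in constructed customer records with a pseudonym and keeps the name-to-pseudonym lookup as a separate object. It uses a keyed HMAC token in place of the "unique number" so that the same client always gets the same pseudonym for analytics, while nobody without the key and the lookup table can recover or recompute the name; the key, record layout and field names are assumptions for the example.

```python
import hmac
import hashlib

# Constructed sample records (fictional people, not real data).
RECORDS = [
    {"name": "Alice Example", "postcode": "AB1 2CD", "spend": 120},
    {"name": "Bob Example", "postcode": "EF3 4GH", "spend": 75},
    {"name": "Alice Example", "postcode": "AB1 2CD", "spend": 40},
]


def make_pseudonym(name: str, key: bytes) -> str:
    """Derive a stable pseudonym for a name with a keyed HMAC-SHA256.

    The same name always yields the same token, so grouping by customer
    still works in the analytics set. Without the key the token cannot be
    recomputed from a guessed name, unlike a plain unkeyed hash.
    """
    normalised = name.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()[:16]


def pseudonymise(records: list[dict], key: bytes) -> tuple[list[dict], dict]:
    """Return (pseudonymised records, lookup table).

    The lookup table maps pseudonym -> original name and is the 'additional
    information' that must be stored separately from the analytics data set
    (and the HMAC key separately again).
    """
    lookup: dict[str, str] = {}
    out: list[dict] = []
    for rec in records:
        pid = make_pseudonym(rec["name"], key)
        lookup[pid] = rec["name"]
        new = {k: v for k, v in rec.items() if k != "name"}
        new["customer_id"] = pid
        out.append(new)
    return out, lookup


def reidentify(record: dict, lookup: dict) -> str:
    """Restore the name; only possible for whoever holds the lookup table."""
    return lookup[record["customer_id"]]


if __name__ == "__main__":
    # Assumed key for the demo; in practice it lives in a secrets store.
    data, table = pseudonymise(RECORDS, b"demo-key-keep-separately")
    for row in data:
        print(row)
```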