First of all GDPR shouldn’t be feared, it is a way of keeping all of our data safe. With the pace of change in technology the regulations of such data were always behind. Now GDPR just brings them up to speed. Once you understand your role as a data holder and processor you can move forward to make yourself and business compliant.
So it’s only a matter of months, next May to be specific, until the GDPR comes into force across Europe. For those that have had their head in the sand or aren’t sure if it affects your business then we can pretty much tell you that regardless of what your business operates in you deal in data so it will affect you!
Do you have employee payroll data, emergency contact numbers, customer data, financial data, and personal information? If so where are you storing this data, is it secure, if it’s outsourced to a 3rd party are they secure, it is up to you to find out and rewrite your contract to ensure they are in compliance with the new regulations when it comes to your data. Are you keeping the data, why, do you need it!
So What is GDPR!
It is the new data protection law and will significantly affect the way businesses collect and process personal data. It introduces new and strengthened rights for individuals with regard to their data, imposes tough obligations on firms in terms of data security and privacy, and creates a higher standard of consent for using personal data. Although it sounds like they are making it increasingly difficult for small businesses, they are really just making the online environment more secure. In saying that there are some hefty fines for those found in breach of the regulations. The regulations states that noncompliance results in a fine of up to €20 million or 4% of annual global turnover, whichever is larger..
Eight practical steps to begin GDPR compliance:
1. Carry out an information audit
Look at how your organisation collects and uses information.
Where is data collected and stored?
Who's able to access this data?
What security measures do you currently have in place?
What process have you in place to answer data requests from the public?
2. Raise awareness within your organization
Communication is key, GDPR is everyone’s responsibility, pinning it on one person is a recipe for disaster. Ensure your team understand changes are coming, and the potential impact this could have on the business – and the potential penalties. Make sure senior management is engaged in the process
3. Review your privacy policies
Look at what you currently tell users about how you use their data, and assess how far this goes to complying with the GDPR. Take a look through your quotes, employment contracts, online privacy statements and supplier contracts. GDPR is not just for marketers!
4. Have your policies and Procedures addressed
Do you have formal guidance in place on what to do if an individual wants to know what information you hold on them, or if you had a security breach? Do you know the laws you need to follow in the event of a security breach, or an information request. Understanding the current situation will give you a foundation to put in place the required documentation.
5. Get in touch with your technology providers
Compliance with the GDPR may require changes and amendments to your systems, with regard to how data is stored or secured. Contact your suppliers to understand what steps they’re taking to become GDPR compliant and support they're offering their clients.
6. Find out whether you will need to appoint a data protection officer (DPO)
If you’re an SME in an environment where you don’t actively handle or process large amounts of customer data you can probably survive by having the management aware of the regulation. Then have a mid to senior level employee oversee any projects that are necessary and use someone like Metrix Marketing, or the many companies in Ireland who have a base of knowledge on the topic, to advise on best practices.
If you are a larger company or handle larger amounts of data then you seriously need to consider appointing a DPO, in some large organisations’ we have already seen this become a full time roll.
7. Look out for updated guidance
The Information Commissioner’s Office and Article 29 Working Party will continue to produce advice and guidance on how to interpret and implement GDPR’s many provisions, so keep an eye out for updates.
8. Although GDPR is of vital importance to your business, be careful!
There are already organisations offering spurious certifications for GDPR compliance officers or over the top training. The huge scope and nature of the GDPR means you’ll likely need some help to prepare, but look closely at what’s being offered to ensure you’re not ripped off. There is no magic box where you input all your info and out comes GDPR compliance, it’s a process and will need to be actively managed by internal stakeholders. We at Metrix are happy to assist and advise but anyone offering to make you compliant, well we would advise being very careful of anyone offering you guaranteed compliance!
If you do want some assistance or just to talk about the potential implications for your business contact us at Metrix Marketing.