General Data Protection Regulation (GDPR)
Any business that holds the personal data of EU residents will need to ensure that it complies with the General Data Protection Regulation (GDPR), which comes into force from 25 May 2018. Fines of €20 million or 4% of global turnover (whichever is higher) will be imposed if the data under your control is compromised.
Let's look at how the GDPR will impact you:
What does this mean for your business? Going further than the current Data Protection Act 1998, the GDPR means you will be responsible for ensuring all personal and sensitive customer and staff data is held safely and securely, is easily accessible to the individual and is deleted on request.
What is classed as personal data? The definition of personal and sensitive data according to the regulation includes health information, biometric and genetic data through to cookies and IP addresses. It really is difficult to think of a company that won't need to comply.
Despite England leaving the EU, this new regulation will still be adopted and is very likely to remain after Brexit.
How will this affect your business? It is important that your business is able to locate and track all personal data; this includes information located in customer databases through to laptops and mobile phones.
Does your business know where all personal data is located? Do you have processes in place to ensure the data is accessible and safe?
This new regulation means you will need to not only be able to locate the data and share it on request, but to also demonstrate that the data is safe and that you have appropriate safeguarding processes in place.
All data breaches will need to be reported within 72 hours and significant fines are likely.
How can you ensure your business is compliant? All businesses will need to devise and implement relevant processes and procedures for the collection, storage and sharing of personal data, and these need to be in place for May 2018.
For some businesses, becoming compliant could take up to three months.
How Yellowspring can help: We understand that new regulations can be confusing and it is difficult to find the time to implement the required processes and carry on with business as usual.
As a trusted adviser regarding GDPR we can help your business to comply with this new regulation, with minimal impact.
If you need help understanding the new regulations and how your business needs to prepare, please call one of the team on 01268 494 100.