The General Data Protection Regulation (GDPR) was adopted by the European Parliament on 27 April 2016. The regulation requires all businesses trading within the EU member states to secure the personal data of all European Union citizens. This means any company responsible for storing and processing data about EU nationals, including business data, must comply with the GDPR as of 25 May 2018.
To give a little more background, the GDPR is focused on giving people control of their personal information by ensuring that individuals' rights with regard to their data are not violated.
GDPR has the following key requirements:
- Individuals protected must be EU citizens or residents.
- GDPR applies to firms based in the EU that process or control data.
- Non-EU companies responsible for managing data about EU data subjects must adhere to GDPR.
- Every EU member state must establish an independent Supervisory Authority (SA) for its country. In the UK, this will be the Information Commissioner's Office.
- Companies must adhere to a lawful basis for processing data, which includes consent from individuals, necessity and, in the case of business data, a genuine legitimate interest in processing the data.
- Parents must give consent for their children's information, and data controllers must have a strategy in place to prove that consent was obtained.
- Every firm or public authority must have a DPO to oversee data processing operations that require close attention.
- Individuals have the right to access their information, to know the purpose for which it is processed and with whom it is shared, and to request that the company erase or correct it.
- Data controllers must not prevent individuals from transferring their personal data from one system to another.
Jane from BDP Agency said "If you have been involved in regulation of consumer data or business data as part of your role, you will recognize and most likely adhere to many of these key requirements already".
Many companies are panicking about the looming May 2018 deadline, but when the requirements are broken down they often find that many of the procedures are already being followed by the business. Whilst we do not wish to underestimate the size of the task, a lot of the rules are already followed by individual employees and simply need documenting throughout the business.
Implementing GDPR within a business will be the overall responsibility of the data controller, the data processor and the DPO (Data Protection Officer). The controller has to ensure that external contractors follow suit, while the DPO supervises data security plans. According to surveys and research carried out by TrustArc and PwC, GDPR implementation and compliance will affect companies' funds and investments, since they will have to hire DPOs, redirect money to improving their systems and, of course, document all the information for all employees.
Below is a list of initial ideas for your business:
- Include all key managers from each department and stakeholders, since the IT department alone cannot meet the GDPR requirements.
- Form a GDPR task force with representatives from all sections of the business, who will better prepare the company by sharing information and helping to adopt the required changes.
- Generate a data protection plan that will be reviewed and updated later to meet the GDPR demands.
- Create awareness within the business by setting a sense of urgency. Management should stress to leaders the importance of prioritising GDPR readiness and adhere to good data hygiene across the business for smooth adjustments.
- Employ a DPO or appoint an employee who is already familiar with data security and protection.
- Identify all types of data held in your business, e.g. B2B data, consumer data, credit card information or sensitive data; each of these will be handled differently and with different layers of security.
The European Union adopted the GDPR to ensure Europe secures a top position in the global digital economy moving forward, whilst protecting individuals' interests and ensuring that companies act responsibly when handling information.
If you would like more information on this, or need help, get in touch with our specialists at Business Data Prospects.