GDPR is a subject that we have all been bombarded with for months, but do you really understand your responsibilities and why we have had to further lock down the information we hold? As of May 25th, 2018 the European Union altered the business requirements for companies that hold personal information relating to any EU residents. The General Data Protection Regulation, more commonly known as GDPR, applies to any company doing business with clients in the EU.
The main purpose of the regulation is to provide a clear definition of the rules for all businesses or nations that handle EU client data, regardless of where the company is based.
Protecting data has become increasingly difficult with the rise in the volume of data held by companies in all industries, and technology has created even more challenges for business. GDPR requires the following to be dealt with effectively:
How electronic information is stored, transferred, accessed and secured
Document retention schedules, and how they are enforced
Written proof of compliance
Businesses should create a compliance strategy that clearly outlines how they will deal with the data they hold, and they should inform their clients of this when collecting personal information. They should also ensure they effectively deal with the consent issue surrounding the collection of data from any client.
No matter its size, any company that handles data for citizens of EU member states must have protocols in place for the collection, storage and transfer of Personally Identifiable Information (PII).
A large component of GDPR, and of how data is now processed, is the change in breach notification requirements: companies must act quickly once they become aware that a personal data breach has taken place. Those whose information has been exposed need to be informed of the breach, and that notification will need to include details of what information was exposed. The company will also be required to report the breach to the data protection regulator and possibly to other authorities, depending on the industry.
A company can face fines of up to EUR 20 million for failing to comply, or 4% of its total global revenue for the preceding fiscal year (whichever is higher), which is why the regulations should be taken seriously.
The costs of preparing for and complying with GDPR can be high for a company: ensuring you have trained staff, secure systems and robust processes is no mean feat! 1PS can help and guide your company to ensure you have in place policies and procedures that will protect you and ensure your responsibilities are met. Take a look at our GDPR service for more information or contact us at firstname.lastname@example.org or call on 0207 175 1177.