Halcyon Offices in 2017 – A Year in Review
December 28, 2017
How to reduce Workplace Stress through effective Time Management
January 26, 2018
New Data Protection Regulations come into force this May and every business must comply or face hefty fines.
A recent survey* revealed that 55% of UK business leaders were unaware of GDPR and that only 35% of companies have a record of consent to store their customers’ data. Only 27% of these businesses believed GDPR applied to them, despite 73% of the companies agreeing that they held customer data on file. So, what is GDPR and will it affect your small business?
• Web data such as location, IP address, cookie data and RFID tags
• Health and genetic data
• Biometric data
• Racial or ethnic data
• Political opinions
• Sexual orientation
What is GDPR?
Changes to the 2016 EU General Data Protection Regulation (or GDPR) will come into effect on 25th May 2018. This regulation supersedes the Data Protection Act of 1998. All companies operating within the EU who hold customer or third-party personal data must take steps to comply.What data does GDPR protect?
• Basic identity information such as name, address and ID numbers• Web data such as location, IP address, cookie data and RFID tags
• Health and genetic data
• Biometric data
• Racial or ethnic data
• Political opinions
• Sexual orientation
Active not silent ‘opt-in’
In short, customers (past, present and future) must actively opt-in to any communication from your company. They must also be given the option to withdraw consent or to unsubscribe at any time.8 Steps to become GDPR compliant
1. Data Handling Your company must have guidelines in place for the storing and handling of personal data.2. Review all data held How is existing data held and what is it used for?
3. Appoint a Data Protection Officer To oversee and ensure GDPR compliance or hire someone specifically for this role.
4. Create a Data Protection Plan Review and update existing plans in line with the new GDPR regulations.
5. Carry out a risk assessment Review what data your company stores and processes on EU citizens. Understand the risks around it. Your risk assessment should also summarise measures taken to mitigate that risk.
6. Contact existing Clients Create a plan for contacting all existing clients to confirm the data you hold and ask for their explicit consent for future communications.
7. Build an Incidence Response Plan GDPR requires that companies report breaches within 72 hours. How well the response plan minimises the damage will directly affect the company’s risk of fines.
8. Ensure all third party partnering companies have a GDPR policy E.g. IT Support, cloud providers, print houses, mail handling, accountants etc.
For more detailed information on GDPR, visit the ICO website as follows:
ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
*Survey of 100 business leaders conducted by PORT.im
ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
*Survey of 100 business leaders conducted by PORT.im
