As you may be aware, GDPR comes into effect on 25th May 2018.
GDPR stands for General Data Protection Regulation. It is being introduced to protect the individual rights of all European citizens, regardless of where they or their information are located around the world.
In the UK, data protection is enforced by the Information Commissioner's Office (ICO) under the Data Protection Act. This will be replaced by the new Data Protection Bill, which enforces GDPR and which will remain in force once the UK leaves the EU in 2019.
So what does it mean for you and your business?
Your business will need to comply with a set of overarching principles governing how it obtains, manages and uses individuals' information.
- You must be transparent and lawful about the information you have and how you use it
- The data you acquire must be for a specific, stated purpose, which you must make clear to the individual at the time you gather the information
- You must only store the minimum amount of information needed to fulfil your requirements
- The data needs to be accurate and up-to-date and easily accessible, should the individual need to amend it
- You can only hold data for a limited period of time
- You must store the data in a secure manner
- You must name a person within your business as a point of contact. They will also be accountable for ensuring all data is kept securely
Above all, you must document all the measures you take to ensure your business is working towards becoming GDPR compliant.
What you need to do
- Make a list of everywhere your data is stored, decide who should have access to it, and record this in a spreadsheet
- Cleanse your data on a regular basis – this will ensure all your data is up to date
- Ensure you password-protect any electronic data you have stored
- If individuals haven’t consented to having their data kept, then write to them asking for their permission
- Only keep the minimum amount of information about an individual
- Only store information for the allocated agreed time
- You must keep your data in a secure place
- You must designate a person within your company whom an individual can contact. They will be answerable for data security within your business.
Your business won’t become compliant overnight, but ensuring you take steps to demonstrate you’re making changes is the most important thing you can do!