GDPR is just weeks away from being enforced. So, how do you ensure your business is ready for it by 25th May?
There’s so much information available about what you should do to prepare, and you’ll likely have begun receiving emails from other companies asking whether you want to continue receiving information from them or to notify you of their updated policies. But, how do you begin to understand the effect it’ll have on your business?[attention-lead-magnet] We sweat the details, so you don’t have to – WORRY-FREE WORDPRESS MAINTENANCE PLANS [/attention-lead-magnet]
Firstly, what is it?
GDPR (General Data Protection Regulation) is a new regulation and an evolution of the outdated Data Protection Directive. It will affect those who handle data that relates to anyone in the UK or EU and will require you to:
- Appoint a DPO (Data Protection Officer) to manage your data and report breaches.
- Establish security processes to protect all sensitive data.
- Prove consent to contact individuals beyond the original transaction.
Any company or organization found not complying with the new regulations can be fined up to 2% of their annual turnover or €20 million, whichever is greater in value.
It aims to improve the management of data, reduce the sale of data and misuse of data to enable the public to have greater control of how their data is used.
Understand your current position
To become compliant, you must understand your current position. This requires you to conduct an audit, which should address the following:
Where you store data – Whether you store data online or offline, in various software systems or removable data storage devices, such as USBs, it’s important to map out every location to enable you to review how you handle data, delete data and pass it on, along with your security processes.
What data you collect – GDPR requires you to only collect the data necessary for you to provide quality services or products. Plan out what data you need to collect and delete any unnecessary information.
How you collect it and use it – It’s vital you can be completely transparent about how you collect data on your customers, prospects, suppliers, and partners. Whether you take payments online or not, it’s vital your website is secure. Ensure your website has an SSL certificate, updated privacy policies and terms and conditions. Also, clearly state how you will use someone’s data once they provide you with it to maintain communication. Will you send them an email confirmation, will you call them, are they signing up for a newsletter?
How do you become compliant?
Making changes to everyday processes where data is used or held and adopting best practices is what GDPR is all about.
Address potential data siloes and ensure any third parties you work with are also GDPR compliant, this includes any cloud storage, CRM software, accounts packages. Also, consider how data is transported and create processes to protect data even if it’s copied by employees onto portable media such as USB drives.
You won’t be GDPR compliant without addressing USB data loss.
USBs provide a convenient way to transfer data but, their small physical size means that they can easily be lost or stolen. If you hold data on USBs, it’s recommended that you encrypt them, so they cannot be read by anyone else other than the authorized user.
Once you have everything in place to be compliant, be sure to train staff, as they are ultimately accountable for following the correct policies and maintaining security.
For more information, visit the USB Makers blog here.