General Data Protection Regulations Are you ready for the new GDPR?

The new General Data Protection Regulations (GDPR) promise to be a game changer for all organisations when they come into force in May 2018.  Until now data protection may not have been a high priory issue in many workplaces, but with the introduction of fines of up to 20 Million Euros or 4% of a company’s global turnover for a major breech (whichever is higher), the stakes have certainly risen.

The new regulations focus on strengthening the rights of the individual and set out six key principles which companies will need to abide by:

 

Consent and Personal Data

Another key change is that data now includes online identifier and location data which now means that an IP address, mobile device Ids and alike are classed as personal data, even if encrypted and therefore are covered by the regulations.

Anyone whose data you process must give their informed consent – it is no longer possible to assume that consent has been given and people may withdraw their consent at any time.  Similarly, people will have the right to ensure that data held on them is erased and any inaccuracies corrected.  They may also have the right to be told of a data breech in some circumstances.

Whilst it is still some months until the new regulations come into force, it’s essential that organisations act now to review their current practices and make any changes needed to ensure compliance in the future.

Key things to think about are:

• Your recruitment processes
• References – both requesting and writing
• How employee performance in monitored and recorded
• How employee records and handled before, during and after employment
• How you acquire, process and keep customer data

 

Educating staff on Data Protection

The biggest risks for most organisations will be the risk of staff failing to take adequate care with data.  Even the best systems may not prevent the member of staff who leaves a lap top on the train! 

Therefore, staff education it key, so, take action now:

• Raise awareness in your company of the new regulations
• Make sure you have a lead person identified to head up Data Protection in your company
• Review your policies and procedures to make sure they are robust and adequate
• Seek legal advice if needed
• Conduct an audit to make sure all staff and workplaces are complying with your policies
• Train staff to ensure that they understand the important part they play in ensuring compliance.
• Contact the Information Commissioners Office (ICO) who can support with training and awareness raising.

 

By acting now, you have time to get things in order before next May and to ensure you are ready for the full impact of the GDPR.

 

Find it useful? Please share!