GDPR is almost here, how ready is your business?
Non-compliant businesses could receive a fine of up to 4% of annual turnover.
What is the GDPR?
The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) is a regulation by which the European Parliament, the Council of the European Union and the European Commission intend to strengthen and unify data protection for all individuals within the European Union (EU).
The GDPR comes into effect on the 25th May 2018.
Will the GDPR affect my business?
If you hold and process personal information about your clients, employees or suppliers, you are legally obliged to protect that information.
How will GDPR affect my business?
With personal and sensitive data you must:
- Only collect information that you need for a specific purpose;
- Keep it secure;
- Ensure it is relevant and up to date;
- Only hold as much as you need, and only for as long as you need it; and
- Allow the subject of the information to see it on request.
What do I need to do to become GDPR compliant?
There are a number of things you need to do to become GDPR compliant:
- Map your business’s data
- Determine what data you need to keep
- Put security measures in place
- Review your documentation
- Establish procedures for handling personal data
Okay, I understand what is required to become GDPR compliant, but I’m not sure where to start.
Introducing the GDPR Tracker
The GDPR Tracker is an online tool that will guide you through the items that need to be considered under the new General Data Protection Regulation, which comes into effect in May 2018.
The Tracker will advise you on exactly what you need to do to become compliant.
We’ve got all aspects of the GDPR covered
The GDPR Tracker will guide you through the following:
This definition provides for a wide range of personal identifiers to constitute personal data, including name, identification number, location data or online identifier, reflecting changes in technology and the way organisations collect information about people.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria. This could include chronologically ordered sets of manual records containing personal data.
Personal data that has been pseudonymised – e.g. key-coded – can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.
- processing based on legitimate interests or the performance of a task in the public interest/exercise of official authority (including profiling);
- direct marketing (including profiling); and
- processing for purposes of scientific/historical research and statistics.
If the breach is likely to result in a high risk of adversely affecting individuals’ rights and freedoms, you must also inform those individuals without undue delay.
You should ensure you have robust breach detection, investigation and internal reporting procedures in place. This will facilitate decision-making about whether or not you need to notify the relevant supervisory authority and the affected individuals.
You must also keep a record of any personal data breaches, regardless of whether you are required to notify.
DPIAs can be an integral part of taking a privacy by design approach.
The GDPR sets out the circumstances in which a DPIA must be carried out.
These restrictions are in place to ensure that the level of protection of individuals afforded by the GDPR is not undermined.
GDPR Templates & Policies Included
We’ve got a selection of ready-to-fill-in GDPR templates and policies to show how your small business is GDPR compliant.
GDPR Compliance Report
Once you’ve put all the correct measures in place and documented them through the GDPR Tracker, you’ll be able to download a report detailing the steps taken, should a request be made asking what steps were taken or should an issue arise.
What happens after the 25th May 2018 deadline?
- Fines of up to 4% of global annual turnover or 20 million Euros – whichever is greater – will come into effect.
- Individuals will have the right to request what data is held about them, which needs to be provided to them within 30 days.
- Marketing will be difficult if you don’t have explicit consent – leaving you wide open to being reported to the ICO.
- All breaches will need to be notified to the ICO within 72 hours and recorded.
With the GDPR Tracker you’ll be compliant before the deadline if you act now.
£99 – 12 months’ access
Time is running out.
The GDPR Tracker will help you become compliant, by giving you the awareness of what data you have and ensuring the correct policies and procedures are in place.
Get access to the GDPR Tracker and remove the headache of becoming GDPR compliant by entering your email address below:
Frequently Asked Questions
Once you have the key processes and procedures in place, these will need to be maintained as and when your organisation changes, and especially when your data requirements change too.
Data subjects will have the right to access their data.
As you introduce new systems and suppliers – Privacy Impact Assessments will need to be carried out.
If your organisation is investigated or breached, you’ll have all your information in relation to the GDPR available via the GDPR Tracker, for ease of use, in a single report.