GDPR, otherwise known as the EU General Data Protection Regulation, will come into force next year on 25 May 2018. It will be the de facto policy for data privacy for all UK and EU businesses, replacing the long-standing Data Protection Act.
The remit of GDPR is quite simple: its basis is to broaden individuals' rights over their data and give them access to it, whilst businesses who handle such data ensure it is kept secure. The idea is for you to be more in control of your own data and for organisations to adhere to the policies. Failure to do so could result in hefty fines for companies.
If all or part of your business operates in the online space, such as eCommerce or collecting individuals' data in some way, shape or form, then you will need to demonstrate that you have taken adequate steps to follow the new guidelines.
So, the question remains: what should your business be doing to ensure you're compliant? Remember, these measures should be in place by the 25th of May 2018, so it's wise to start implementing them now to avoid falling foul of the new legislation. It also makes good business sense to get the ball rolling early so there is minimal interruption to your business.
If your organisation collects and uses customer data, then you must ensure that data is kept securely. Even where you outsource parts of client data handling to third parties, such as merchant payments, digital marketing, or collating data from social networks for login-type activities, this is no longer solely the responsibility of the third party's policy and does not absolve you. If that data flows through or touches your supply chain, then you are obligated to follow the legislation to ensure it is secure. The idea behind this is to understand and close off leakages throughout the data flow process.
If you don't follow the rules, then you could be liable for a fine of anything between £500k and £17 Million.