New general data protection regulation is coming into place on the 25th May 2018. Your business could be affected by the new changes in a range of ways, so it’s important you comply. Here we tell you what the new regulations are along with how they may affect your business.
What is general data protection regulation?
Many of the GDPR concepts are the same as before. However, there have been a few alterations to the laws that can significantly affect how you collect and use personal information.
New GDPR requirements apply to each country within the European Union. The new laws aim to create stronger protection for personal information and consumer data. The following aspects are vital requirements within the new general data protection regulation laws:
- You will now need to obtain consent from the subject to process their data
- Safe handling of data within organisations
- Giving individuals data access
- Being more specific regarding data that is collected
In short, a business can no longer take data from an individual without confirming it is ok to do so. Businesses can no longer share any personal data they obtain. You will also have to put enforce safer data protection within the business; this means files and information needs to be kept in a safe place at all times. If companies do not comply with general data protection regulations, they can be subject to a substantial fine along with an investigation into data handling within the organisation. If you would like more information on exactly what the GDPR laws are we recommend taking a look at IT Governance.
Compliance
There are no specific benchmarks you need to reach to be compliant with the laws. Many businesses will need to carry out their own internal audits on how they handle the data they collect and the way it is collected. Ultimately, if someone feels you have not been compliant with the new laws you could be checked by a judge who will decide if your business has been compliant. If not you could have extensive action taken against you and your business.
What happens if we breach the new laws?
If you find someone within your business or your organisation has breached data protection regulations, you must report to the regulatory body within 72 hours of first becoming aware of the situation. As well as informing the regulatory body you must also make the individual or individuals that their data has been compromised.
How will GDPR effect my business?
You may be thinking the new GDPR laws are going to have a huge impact in the way you collect data, but you shouldn’t panic there are a few things you need to do to ensure your business if effectively implementing the new regulations. Firstly, you are going to need to undergo an internal audit; this means checking the following:
- What personal information do you already hold?
- Where did you get the information from?
- Where do you currently store it?
- Have you gained permission to receive it?
- Is the data you have held legally?
- Are you holding it under the pretences the data subject gave to you?
If you are a larger organisation or a data centre installation team you may want to think about employing a data protection officer, they will be able to check the processes your business goes through along with ensuring data is safe.
What do we need to look out for?
There are three main points you need to ensure your business is following to comply with new GDPR laws:
- Data Permission is how you allow your customer to opt-in to the way your business collects the data and how you manage it. The data subject now needs to express consent which has been reinforced in a clear affirmative manner. This means anyone you were already collecting data from needs to be asked again whether it is okay for you to collect their data and use it for your business.
- Data Access means individuals have greater access to their personal data. They will have more control over the way it is collected and the way in which it is used. The individual now has the right to ask any business to remove any personal information they hold. Many businesses can make this easier for the consumer by installing an unsubscribe button.
- Data Focus is more important than ever with the new GDPR laws. It essentially means any data you collect has to be more specific to your business; you can no longer collect data that you might use in the future, the data you do collect needs to be relevant. Businesses will now legally be required to justify why they have collected that specific data.
How will it affect data centres?
Data Centres will now need to ensure they are regularly testing, assessing and evaluating the effectiveness of their technology to ensure customer data and information is safe. Security is going to be one of the main things data centre staff will be looking into; data centres are attacked with hackers and other unwanted disasters that can have a dramatic effect on the personal data which is stored.
You will need to ensure all staff members and network engineers working within data centres are aware and highly trained in new general data protection laws. We recommend taking a look at ICO’s 12 steps to take now.
Summary
Ensure everyone in your business or organisation is aware of how the new GDPR laws work. Carryout all internal audits before the 25th May 2018 to ensure your business is not breaching any of the new laws. Take the time to look at how you are collecting the data as well as how it is being stored.
Remember you now need to gain consent from any individual you wish to collect data from before doing so, this also takes into consideration all the data subjects you already collect data from. Provide all data subjects with an opt-in and opt-out option, this way you will never get stuck under a data protection breach.