Tick-tock, tick-tock. That is the sound of time ticking closer to 25 May 2018, when the EU General Data Protection Regulation (GDPR) will finally be upon us.
These aren’t just minor changes to the Data Protection Directive that came out in 1995; they are wholesale changes that transform the way every business has been processing personal data up until this point. Some of the major differences include:
Companies can be fined 20 million EUR or up to 4% of their worldwide turnover for violations of GDPR.
The regulation will apply to non-EU businesses that operate in the EU (that is, those processing personal data in the region).
You should already be well on your way to finalising your GDPR plan, to avoid being one of the companies that end up in a blind panic closer to the time. If not, we’re here to help by setting out the best first steps to take so that you can ease yourself into it.
Step 1: Groundwork
The first step is to identify the key stakeholders as soon as you can. If you’re having trouble doing this, we suggest shocking them with the massive fines your company could face. This should be enough to jolt them into action.
Not only does having a comprehensive GDPR plan in place eliminate the risk of these fines, it also gives you a competitive advantage as you become known as a bastion of personal data protection.
Step 2: Collate information
You will need to know what personal data you are collecting, how and where it’s used, who it’s shared with and what compliance measures you already have in place. This helps you make a start on complying with specific GDPR requirements, such as keeping a record of processing activities, and with the principle of accountability that underpins the entire regulation.
Step 3: Review
Once you’ve got all this information you will need to review it. The output of that review is a gap analysis. For example, you may already have a data protection officer and a robust method of checking data processing activities. If so, make sure both fit with the GDPR; then you’ll be able to see what other gaps you need to fill for GDPR compliance.
These first steps should stand you in good stead as you set off on your GDPR journey. Also, if you are UK based and wondering whether GDPR will apply to your business, have a look at our blog on the subject here.
SPOILER ALERT: GDPR applies to you and your business regardless of Brexit.
We can support you with your GDPR plan, whether you need an end-to-end GDPR solution or just need to fill in the gaps. If you’d like to find out about our GDPR offerings, please get in touch here.