In Focus - GDPR
What you need to know
As new data protection rules come into force soon, we take a look at what they mean for your business and what you can start doing now to ensure you are prepared.
What does the new data protection regulation mean for your business?
The European Union has changed its data protection rules. The changes are now law and they will go live across the EU on 25th May 2018. These new rules are called the General Data Protection Regulation and apply across the board from public authorities to small and medium-sized businesses. These changes will affect the way we all do business.
This information has been taken from the Fellowes White Paper on GDPR.
Access the full document at: campaigns.fellowes.com/GDPR
What should I do now?
Becoming GDPR-compliant takes work, so you must budget and plan resources (including IT). Use your planning time well to adapt.
The following are ten top compliance issues to start addressing:
- Put in place a privacy assessment process – map your data and determine areas of risk.
- Thoroughly review vendor contracts – you will need your vendors’ help, especially in reporting security breaches very quickly, so make sure that you have the contractual rights to insist on this.
- Update systems and materials, and prepare new detailed documentation and records that can be produced for regulatory inspection.
- Review key practical aspects, including data retention, for all the data used by the business.
- Make sure you have plans in place to securely destroy data that you don’t need.
- Ensure that new aspects such as explicit consent, the right to be forgotten, the data portability right, and the right to object are all included in policies and procedures.
- Put in place a data protection breach notification procedure, including detection and response capabilities, and rehearse this like you would a fire drill.
- Consider appointing a data protection officer.
- Training, training, training – train staff on all of the above (data protection regulators pay special attention to this).
- Set up and undertake regular compliance audits in order to identify and rectify issues.