We have just over a year before we see the introduction of GDPR, the new General Data Protection Regulation which will replace the current Data Protection Directive (DPD) and bring in significant changes to data protection laws as we know it.
Approved by the European Parliament in April 2016, GDPR will come into effect on the 25th May 2018 and aims to unify and strengthen data protection for individuals within the European Union (EU).
Some of the major changes include tougher sanctions, more rights for individuals, and a wider territorial scope, meaning that any non-EU organisation that does business in the EU will also be obliged to comply. The appointment of a Data Protection Officer (DPO) will also be mandatory for certain companies.
Yet, despite this being just 15 months away, there are still an alarming number of businesses who have not taken a single step forward in preparing for GDPR, and have no idea of the impact it will have upon them.
A recent study by Veritas Technologies has revealed that over half of businesses have not even began any work on meeting minimum GDPR compliance standards. This goes hand in hand with an independent survey commissioned by NetSkope, showing that only 1 in 3 British adults are aware of GDPR and over 70% of workers have not yet been informed of this regulation by their employers.
Currently, under the Data Protection Act (DPA), failure to comply with data protection rules can lead to firms being fined a maximum of £500,000, with the highest to date being around £400,000. However, when GDPR comes into effect, penalties will be much tougher and will result in firms potentially being fined 4% of their annual global turnover or EUR 20 million, whichever is the highest.
So, with that in mind, surely this is the incentive businesses need to get to grips with the new regulations and make sure they get it right....right?
Follow these top tips to get your business ready for GDPR:
- Know where your data is and get familiar with your data sources - It is impossible to comply with data protection rules if you don't know what data you hold and where it is, so having visibility of your data at all times and knowing what it consists of is crucial.
- Categorise your data - Even though all of your data certainly does have relevance and importance, some data will be more significant than others. Categorising your data according to its value within your company will help to reduce the risk of security breaches.
- Have a Data Protection Officer in place - This applies if you have over 250 employees in your company. They will act as the main go to person for all data protection activities within your firm.
- Have detailed plans in place in case it goes wrong - Get your business ready for any possible negative situations. This means having detailed plans and costs in place that can be consulted in the event of such outcomes.
- Educate your staff - Train your employees up and make sure they understand what the impending new regulation means for them, with our GDPR training library. . Fill out our Contact form to find out more information.