GDPR Preparation is Key:
With less than 5 months to go before the new General Data Protection Regulation (GDPR) comes into force, employers are urged to start preparing immediately if they haven’t already done so.
What is it?
The GDPR is a European privacy regulation replacing all existing data protection regulations and will come into play on 25 May 2018. The aim of the GDPR is to protect all EU citizens from privacy and data breaches in an increasingly data-driven world.
The GDPR applies to all businesses, including sole traders, that process personal data (a name, photo, email address, bank details etc.), so it is safe to say that it will affect all businesses in some way. Employers are advised to be prepared; otherwise they will face fines of up to €20M or 4% of annual global revenue, whichever is greater, for non-compliance.
A good starting point for preparing for GDPR is to create an inventory of all personal data held and answer the following questions:
• Why are you holding the data?
• What is the legal basis for holding the data?
• How is the data obtained?
• Why was the data originally gathered?
• How long is the data held for?
• How is the data saved? Is it saved securely?
• Is the data shared with anyone else and with whom?
As the GDPR requires organisations to be in a position to demonstrate compliance with its requirements, documenting the above will enable employers to:
• Identify any gaps in compliance
• Put in place processes to rectify gaps
• Produce evidence of their compliance with the new GDPR
In preparation for GDPR you must be aware of your data protection responsibilities and ensure that all employees are aware of their responsibilities when processing data. Ensure that you have up-to-date data protection/privacy policies addressing the six principles of GDPR and apply them to your organisation.