The new GDPR (General Data Protection Regulation) will come into force in May 2018. The updated piece of EU legislation will be the legal framework for data protection across Europe. Its purpose is to protect the personal information of individuals who are European citizens.
The GDPR was created to give people more control over how their personal data is being used. The current legislation is seen as outdated, as it was passed before the internet and cloud technologies were created. Since then, new ways to exploit data have emerged, which is why the new legislation is essential.
So what do businesses need to know about the GDPR?
Companies may have started to look at the implications and, as most are finding out, it’s a complicated piece of legislation. The GDPR is wide-ranging, and it’s essential that all areas of your business understand their responsibilities. Companies will have a duty to ensure that they keep people’s data protected and safe from data breaches such as hacking. Companies will also have to ensure that they have a relevant plan in place in case they do have a data breach. This is why it is essential that all companies have measures in place to avoid that problem.
Where to start?
The best place to start is to assess your business’s current procedures and resources. Think about how you would handle a data breach should it happen. You should know what data you currently hold and what data you are required to protect. If you do not have adequate resources and expertise to assess and manage the security of the data, think about looking for an external source that is capable of supporting you through the preparation and implementation of the future changes.
You also need to take into account the tough penalties that come with a breach of the legislation. The proposed fines are up to 4% of the entity’s global gross revenue or £20 million, for violations of record-keeping, security, breach notification, and privacy impact assessment obligations.