The General Data Protection Regulation (GDPR) has been in force since May 2018 and aims to respect and protect the personal data held about individuals by businesses and organisations. It’s a regulation which is being taken exceptionally seriously in the EU and, even if Britain leaves the EU, the government has advised it will stick by the regulation.
Due to the severe penalties that can be levied in the case of mishandling personal data, it’s imperative that you take action now to ensure you’re GDPR compliant
WHAT ARE THE BASICS OF GDPR?
Up until May 2018, the EU’s Data Protection Directive was in place and detailed how data should be handled. However, this directive was established in 1995 when data handling was a very different prospect due to restrictions in technology. GDPR replaces this to reflect changes in data handling.
The objective of GDPR is to protect and secure the personal data of EU citizens who are conducting transactions within EU member states. GDPR, though, is not restricted to Europe and any personal data that is exported out of the EU still falls under GDPR.
Failing to comply with GDPR can lead to significant fines being levied on organisations. Non-compliance can lead to fines of up to €20 million or 4% of annual turnover – whichever is greatest.
HOW DO YOU COMPLY WITH GDPR?
Your organisation clearly doesn’t want to risk the severe fines connected with failing to comply with GDPR, and neither should you want your business to risk the reputational damage of poor data handling. We live in an age where transparency and trust are crucial commodities, so how can you ensure you comply with GDPR?
Any EU legislation is far from simple and it’s fair to say that GDPR is a highly complex regulation. Accordingly, it’s unlikely that you will be able to regulate your data handling and improve your data storage without some help. Naturally, the nature of your business will determine how much change is required, but even the smallest business can benefit from working with an external consultant.