The GDPR stands for the General Data Protection Regulation, and if your business collects any type of customer Personal Data, it’s likely that you’re going to have to make some changes to the way your business runs. Regulation like the GDPR can be confusing to those who aren’t familiar with this area, so let us break it down for you.
- What is the GDPR and why am I hearing so much about it?
A good place to start is with the Data Protection Act 1998, which basically set the ground rules around the use of data in the U.K.
The problem is that, in those days, companies were still storing records on paper in filing cabinets. A lot has changed since then, so naturally the regulation has to change too.
The GDPR incorporates much of the same fundamentals as the Data Protection Act with a fresh coat of paint, but there are a few additional responsibilities for companies too. The GDPR is a single EU Regulation which covers the whole of Europe; it came into force on the 25th May 2018 and is also incorporated into the Data Protection Act 2018.
- What are my additional responsibilities?
Here’s what you need to do now so you’re not left behind when GDPR comes into force:
- Ensure adequate technical and security measures are in place;
- Put processes in place to deal with data security breaches;
- Make sure your privacy notices are aligned with GDPR;
- Put procedures in place to cover data subject rights – including what happens if someone requests their data;
- Ensure your processing of personal data is lawful (e.g. do you have a legitimate interest, or consent?);
- Make sure someone in your company is responsible for data protection compliance.
- But Brexit is happening – surely EU regulations don’t apply?
Even though we’re exiting the EU, the GDPR will continue to apply, that is, under the new Data Protection Act 2018. Part 2 of this Act refers directly back to the GDPR, and the rest of the Act introduces new areas which are not part of the GDPR.
But don’t get too confident – we won’t have seen the last of the GDPR in the UK, even after Brexit. The GDPR will still supplement the UK’s Data Protection Act 2018 and is referred to in the EU’s Brexit Withdrawal Bill, so most of its principles will remain.
- Do business in Europe? You need to read this…
Chances are you have some dealings within the EU – whether they’re business customers or end users.
In order to do business with any company or person based in the European Union, you’ll have to comply with GDPR – as will your suppliers. No exceptions.
- What happens if I don’t comply?
If data is leaked as a result of a security breach and adequate technical or security measures were not in place, then a business could be fined for failing to comply.
The supervisory authority could fine either (i) €10 million or 2% of annual global turnover, or (ii) €20 million or 4% of annual global turnover, whichever is higher.
- Customer testimonials
Here are some of our customer testimonials:
“Certainty Solution are very knowledgeable about GDPR and related issues.” – Mum’s UnLtd
“Found the GDPR awareness was really great.” – Christina
“Certainty Solution, wonderful and thank you for starting to get our business ready for GDPR.”
If you need help with getting your business ready for the GDPR, we’re happy to discuss the changes with you. Email us at firstname.lastname@example.org.