Aug 23, 2017 | Industry insights
GDPR - the actions for now
Businesses are already starting to consider the impact of the new General Data Protection Regulations, and we are no different. We’ve recently conducted a GDPR task meeting. The purpose of the meeting was to review all the criteria of the GDPR, to understand what we need to do to comply, and to create a list of action points and assign those to individuals for completion. We can’t advise you on the right people for your own task meeting, as this will probably depend on your business size and internal roles and responsibilities. However, there should be someone in the room who has complete visibility of all your data storage provisions and internal processes.
The information we used was sourced from the Information Commissioner’s Office (ICO), and consisted of the ‘Getting ready for the GDPR’ questionnaire and the ‘12 steps to take now’ document. Both of these are great resources to help in preparing for the GDPR, which is going to come into full force in May 2018.
The first thing to keep in mind is that the changes relate to personal data. Although each business will have to get to grips with how the regulations affect it, if you are already complying with the current Data Protection laws, then you will already comply with a lot of the criteria. The new regulations are being labelled as a ‘step change’, not a complete reinvention of the wheel.
There are three fundamental areas of the new regulation and, simply put, they centre on the processing, management and storage of personal information – with a new ‘right to be forgotten’ request. There will be stricter processes surrounding how data breaches are notified, with harsh penalties for non-compliance, while businesses that process data on a large scale will need to consider the appointment of a Data Protection Officer.
The onus is on the business
Just as no two businesses are the same, no two action lists will be the same. It could depend on a number of factors, such as the volume of personal data that’s being processed, the size of the business, and how data is currently processed and managed. The responsibility for ensuring that your business is compliant lies with you. So reviewing this compliance now can only be a good thing, as leaving it until the legislation becomes binding could prove a risk too far for some businesses.