GDPR comes into effect from 25th May 2018
Is your business ready?
The GDPR comes into effect on 25th May 2018 across Europe and has been accepted by the UK.
Anyone dealing with personally identifiable data must be able to demonstrate that they are accountable and comply with all GDPR Regulations.
What are the basic principles of the GDPR regulation?
- Fair and lawful processing of data.
- Data is processed only for the limited purposes it was given.
- To ensure data is adequate, relevant, not excessive.
- To make sure data is accurate and up to date.
- To ensure data is not kept for longer than needed.
- To process data in line with a data subject’s rights.
- To ensure data is secure.
- Data is not to be transferred to 3rd world countries or internationally without prior consent.
Did you know?
Magnet Protect, built on the world’s leading security platform Palo Alto Networks, is the ultimate protection for your business, guiding your business on the right path towards GDPR compliance.
“How do I know if my business is GDPR compliant?”
Answer the questionnaire below and find out.
Top 10 Tips
to help get your business GDPR ready
We prepared an exclusive list of the top 10 things you can start to do NOW to get your business on the path to GDPR compliance.
Start Preparing NOW
The sooner you begin to prepare for the GDPR, the more cost-effective it will be for your organisation. Implement a structure and appoint a dedicated Data Protection Officer (if your business is classified as a ‘high data processor’) who can manage and process any changes needed to how your business receives and stores data under the new regulations. Hold workshops with your staff to review and enhance your business’s obligations and awareness of the new regulations and how you can minimise risks and protect your business.
Audit your data
Make an inventory of all personal data your business processes and examine it under the following headings:
- Why are you holding it?
- How did you obtain it?
- Why was it originally gathered?
- How long will you retain it?
- Do you need to retain the data?
- How secure is it, both in terms of encryption and accessibility?
- Do you ever share it with third parties and on what basis might you do so?
Review your current procedures and amend as needed, as GDPR is a game changer!
On the whole, the rights individuals will enjoy under GDPR are the same as those under the current Acts, but with some significant enhancements. Review how you seek, obtain and record customer consent, and whether you need to make any changes. Update your privacy notifications, speak to non-EU contractors/suppliers who have access to or process personal data for your business, and implement the required changes. Organisations that already apply these principles will find the transition to GDPR less difficult. Rights for individuals under the GDPR include:
- Subject access
- To have inaccuracies corrected
- To have information erased
- To object to direct marketing
- To restrict the processing of their information, including automated decision-making
- Data portability
Check your current technical infrastructure
Audit your current IT/technical infrastructure to see if it is up to the task of ensuring optimal governance of client data, and update it if needed. Are your systems currently compliant with the new regulations? What changes/improvements need to be made, and how easily and quickly can these changes be implemented for your business?
Record your preparation for GDPR
Businesses will need to keep records of what processes and solutions they have implemented to be GDPR compliant. All businesses and “data controllers” (e.g. employees who have access to data) are covered by the new “Accountability” concept in the new GDPR regulations. This means your business is required to not just adhere to the principles of GDPR but you must also be able to demonstrate compliance with the regulations.
How do the new regulations affect your sales and marketing?
One of the headline rulings in GDPR is “Unambiguous Consent”. This means that it is vitally important that users understand every aspect of what they are potentially consenting to when giving your business their personally identifiable information (P.I.I.). This will greatly affect all aspects of your business’s sales and marketing. Businesses will have to ensure that consent received from users is in line with the new GDPR regulations, such as:
- Given freely, e.g. contracted services dependent on conditional consent is NOT valid consent
- For specific reasons, blanket consent is NOT valid consent
- Informed consent. Users need to be clearly and simply informed exactly what they are consenting to and that they have the right to withdraw their consent at any time under their right to be forgotten
- Consent has to be Unambiguous. The consent given should leave no room for doubt on what the user is consenting to, whether that be singular use of their information or for multiple purposes
- Affirmative action is required. Users must clearly affirm their consent verbally, in writing or ticking a box. No longer are pre-ticked boxes, silence, inactivity or other ambiguous means acceptable
Divide your GDPR implementation plan into 4 phases:
Phase 1: Preparation
Review and ensure your business’s readiness for GDPR.
Phase 2: Implementation
Following your review phase, implement effective changes in both processes and systems to ensure your business is GDPR compliant.
Phase 3: Maintenance
Ensure and be able to demonstrate that your business continues to follow GDPR regulations going forward.
Phase 4: Review and Repeat
Expect the unexpected
Be prepared: whatever can happen will happen. Ensure your business has a specific disaster recovery plan in place should you suffer a breach. If one occurs, generally your Data Protection Officer will have 72 hours from when they are made aware, depending on the severity of the breach.
It’s not too late… start today to get your business GDPR ready
The deadline for GDPR is May 25th. It will take time to educate your staff, review and edit your data, and implement process changes to your business. Give your business and staff ample time to acclimate and become accustomed to the new regulations and their requirements.
What products can help your business be GDPR compliant?
With the sea change needed in data recording, business processes being updated and training of staff, to name a few, businesses will need to spend the vast majority of their time concentrating on the human aspect of the onset of GDPR. What products or services out there can help your business get GDPR compliant with little or no hassle?
To find out more or to discuss how Magnet Networks can get your business fit for GDPR, contact us on 1800 789 789 or firstname.lastname@example.org