At ES Systems Ltd, we take data protection very seriously, and we believe that at the core of any compliant business is infrastructure designed to prevent the loss, corruption or unauthorised disclosure of personal data.
What is GDPR?
GDPR stands for General Data Protection Regulation (Regulation (EU) 2016/679). It replaces the 1995 Data Protection Directive and harmonises data protection law across the EU and EEA. It applies to any organisation, wherever it is based, that processes the personal data of people in the EU, so it affects UK and non-EU businesses too.
In essence, you’ll need to know the following:
- The scope of the personal data you hold on any person(s), and the lawful basis you rely on for processing it
- Your own current business processes for data handling
- Whether you can locate and delete a person's data on request (the right to erasure), across every system that holds a copy
- Where and how your customer data is stored physically (hard copy, audio, visual, alphanumeric)
- Whether you have written processor agreements with the external services that hold data on your behalf (Salesforce, cloud apps, etc.)
- An incident response plan for data breaches (you must be able to report a breach to the supervisory authority within 72 hours of becoming aware of it)
- Accuracy of the information you hold, and a way to correct it when a person asks
We're aware that there is a lot to consider when ensuring that you're complying with the GDPR, and that's why we're raising awareness of the issue. Staggeringly, survey figures suggest that only 2% of businesses are actually compliant, whereas 38% of them believe that they are!
When is the GDPR deadline?
May 25th, 2018 is the date from which the GDPR applies; from that day businesses must be compliant.
Enforcement is carried out by each member state's supervisory authority (in the UK, the Information Commissioner's Office), and there are still grey areas about how fines will be applied in practice to a business that appears to be in breach. It is likely that many businesses will not meet the deadline and will be scrambling to get up to date.
We believe staying ahead of the game will allow more organised businesses to focus on growth during this time as other businesses catch up to regulation. It will be more important than ever to ensure you aren’t caught in the process.
How can we simplify this?
As a small business, you could collect only the most necessary data, for example the data that you're required by law to collect and keep records of after a purchase. The GDPR calls this data minimisation: personal data should be adequate, relevant and limited to what is necessary for the purpose.
Holding vast amounts of data without a lawful basis (consent is one basis, but not the only one) is now too much of a burden. Streamline your data collection and handling processes, and only include what you require to run your business.
So what about my infrastructure?
Personal data will be held as hard copy, audio, visual and alphanumeric records, i.e.:
- On paper, including paper filing systems
- Phone records and call recordings
- Video recordings
- Server databases and application data
Each of these needs a lawful basis for holding it, and a way of protecting and deleting it:
- IP phones that record calls should announce recording and give callers an opt-in or opt-out, and recordings should be stored and retained under a documented policy
- If you hold video of a person, you need a lawful basis for holding it (for CCTV this is usually legitimate interests, with clear signage; where someone is filmed voluntarily, their express permission) and a secure place to store it, such as an access-controlled DVR (Digital Video Recorder)
- Server databases must be adequately protected (patching, access control, encryption of backups, logging) to prevent data leaks
For wireless infrastructure, this means any captive portal or wireless device must obtain freely given, specific and informed consent before collecting any personal data about the user through their device. Note that device identifiers such as MAC addresses and IP addresses count as personal data when they can be linked to a person.
For cloud technologies, you will need to confirm that the cloud provider adheres to the GDPR and have a written processor agreement in place, including a process for removing a person's data should your 'opt-in' user withdraw consent or exercise their right to erasure.
Risk Assessment and Breaches
If you have a data breach that is likely to put individuals at risk, you'll have to report it to the supervisory authority within 72 hours of becoming aware of it, and notify the affected people without undue delay where the risk to them is high.
Ignorance is not an excuse: fines can reach 20 million euros or 4% of your business's worldwide annual turnover, whichever is higher.
Internal awareness and staff training are a requirement. The appointment of a data protection officer is mandatory for public authorities and for organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of special-category data; for other businesses it is strongly advisable to name someone responsible for data protection.
Collection of data for website analytics, email marketing and customer accounts all falls under the remit of 'data collection and processing', even for data you already keep: existing records need a lawful basis too.
Logging, alerting and technology-assisted monitoring (access auditing, data loss prevention, backup verification) can help you track where personal data lives and who touches it; there are many software solutions and checklists available.
There’s a lot of speculation on how the EU is going to enforce these regulations. Many smaller businesses will likely wonder how they’re going to pull the infrastructure and funding together to become compliant.
There are 6 months to go from the date of this article; as long as businesses start making a plan now, there's every likelihood that they'll be ready by the time the GDPR comes around.
For those smaller businesses that rely on email, phone and analytics to market to their customers, it's a good idea to get full opt-ins from the consumer before the time comes when you must delete anything you don't have permission to use. Consent gathered before May 2018 only carries over if it already meets the GDPR standard (a clear, affirmative, specific opt-in that you can evidence), so pre-ticked boxes and assumed consent will not count.
Now that the deadline is just months away – is your organisation ready?
Download our handy PDF that will give you a better insight into what the GDPR is and what you should be doing in preparation. We can help your business prepare for the deadline in May. Check out our handy infographic.