The deadline for the General Data Protection Regulation (GDPR) is looming ever closer, and businesses everywhere are racing to make sure that they are fully compliant with the sweeping changes to data protection law. Because the GDPR is primarily intended to strengthen the protections individuals have over their private data, it is vital that every business is fully aware of the changes it will need to make to how and why it stores the data of everyone who comes into contact with it. The GDPR will affect any company that has dealings with any company or individual in the EU, so no matter where your business is based, if you have a global customer base, this guide will help you prepare for the changes.
The need for consent
Significant fines await any business that fails to comply with the new legislation, and one of the main areas it covers is the need for customers to give their express consent before handing over their data. Consent will need to be specifically granted in every case, a requirement that will have a huge effect on a wide range of business types. Consent can no longer simply be assumed either: consent inferred from silence will no longer be enough.
Data storage requirements
You’re going to need to critically assess all of the IT systems that you use to store consumer and supplier data. The GDPR covers not only your business IT networks but also your business-use devices, so it’s essential that you know what data you store and how you store it. When you’re assessing large data infrastructures this can be quite a challenge, made harder still if your business has a BYOD culture or uses public cloud platforms. It is worth noting that while the storage of data may be a business necessity, if your employees fail to follow the rules stipulated by the GDPR, it is the company itself that will face the fines, not the individual. Your employees therefore need to be as aware of the changing legislative requirements as your IT department is.
Incident response plan
If your systems do come under attack by cyber criminals, the GDPR dictates that you will need to report the breach to the relevant authorities within 72 hours. Failure to do so is another way to receive those incredibly large fines, which is why you need a robust incident response plan that will guide your immediate actions following an attack. There are a number of ways you can do this, but by far the most efficient is to use resources like www.torix.co.uk, who can not only formulate your response plan but also ensure that you are fully compliant with the GDPR across the full range of your business.
The GDPR is the biggest change to data law this millennium and will affect a huge number of businesses. If you haven’t been keeping up to date on it and what it means for your business, you may be leaving yourself open to those significant fines.