GDPR: How to Prepare Your Business in Time for the New Regulations
The General Data Protection Regulation (GDPR), a legal framework that sets guidelines for the collection and processing of personal data, will come into effect across the EU on 25th May 2018. The regulation sets out how businesses must manage data, and it is critical to comply: a breach could mean you are fined up to €20m or 4% of your global annual turnover, whichever is greater.
At Vantage, we are already considering the impacts of GDPR on our own organisation, and how we can support our clients in achieving compliance.
Here is a series of achievable steps to make sure that your business is GDPR ready:
Educate Yourself & Others
Firstly, it is important to make sure that everyone understands what GDPR is, and how it will affect your business. Read up on what is expected from you as a business, and what you can do to make sure you are implementing GDPR correctly before it comes into effect.
Review Your Data
Now is the time to go through your existing data to find out exactly where it is stored, and filter through it to remove what you no longer need. This will help to reduce the amount of data you will then have to manage and audit in the future. People whose data you hold without their consent must not be contacted without permission, otherwise there will be charges.
Ask for Consent
The most important aspect of GDPR is making sure all your customers have personally given their consent as to whether or not you can access their data. Without sufficient evidence of consent, you will face charges and enormous fines. When asking people to opt in to giving their data, it is important to use clear and simple language, stating exactly why you want their data and what you are going to do with it.
Manage Given Consent
Once you have been given consent, you must regularly review the records of your customers, ensuring that the processing and purposes have not changed, as well as documenting evidence of their consent. It is also crucial to allow people to withdraw their consent at any time without penalising them, and to act upon their request as soon as possible.
To find out more about GDPR, visit www.ico.org.uk.