For the first time in 20 years the European Union has updated its data protection laws – a sensible decision considering advances in technology and the increased risk of cyber crime that all internet users now face. The new General Data Protection Regulation (GDPR) comes into force in May 2018 and includes key changes to the law, including amendments to data handling standards, consent, privacy and security.
Although the UK is leaving the EU, GDPR compliance is crucial, not only because the UK Government has supported the new regulations, but also because the GDPR covers organisations that work with EU countries, even if they are not part of the EU themselves. GDPR will impact businesses of all shapes and sizes.
At Blackbox Solutions, we recognise the introduction of GDPR can be overwhelming – particularly when the new laws impose severe financial penalties for organisations that breach data handling and security guidelines. Failure to comply with the new law can lead to a fine of up to €20m or 4% of global annual turnover, whichever is greater.
The new rules also state that whoever is responsible for the breach – whether it be an employee, a hacker, partner or other third party – is irrelevant. The organisation will be held responsible, pay the penalty and, ultimately, face the consequences of reputational damage.
To prepare for GDPR, Blackbox Solutions has appointed a dedicated compliance manager who is leading our team through the GDPR process to ensure that we are fully compliant. This might be something that your organisation chooses to do to ensure that you comply with the new regulations. However, we appreciate that some companies simply don’t have the resources to dedicate employees to the role. That’s why Blackbox is offering GDPR project management services to businesses needing external guidance and advice.
Take a look at these top tips for starters:
Research what is required
Knowing exactly what all aspects of the GDPR mean for your business will be significantly advantageous when planning the changes you are going to make within your company.
Don’t leave it too late!
With a deadline of 25th May 2018, there’s still plenty of time to ensure that your business is fully compliant. That said, it is also important to get the ball rolling as soon as possible to ensure that you have enough time to fully prepare for the changes.
You need to know exactly where you store sensitive data. Do you have digital copies as well as physical copies? Are there backups? Is data stored on old devices? Knowing where to find data is key to ensuring the compliance process runs as smoothly as possible.
Once you’ve found the data, spend some time reviewing it. Do you still need everything that you have stored or are there things that you can get rid of?
Brief staff and stakeholders
Communication is key when introducing any new process. Discussing new systems with everyone who will be affected by the changes will allow all staff to get used to them before the deadline, minimising the risk of mistakes (and penalties).
GDPR is not simply a ‘tick-box’ exercise – it is imperative that your team proactively monitors compliance and is alert to data breaches.
Plan, plan, plan
Set clear internal policies and lines of responsibility to monitor compliance with GDPR. This will also help alert you to the possibility of a data breach, allowing you to stop it before it happens.
Although the new regulations may be bewildering, our expert team can work with you to understand how GDPR will impact your company’s operations by conducting a full data audit and developing a bespoke action plan to implement GDPR before the May 2018 deadline. Our team will be on hand every step of the way to support your business through this crucial period of change.
To find out more about Blackbox Solutions’ GDPR project management services please click here.