The new General Data Protection Regulation (GDPR) is coming into effect in 2018 and will affect all businesses in the UK and EU. We speak to Tara Chrzanowski, Marketing Manager at Titania Ltd, for her advice and what she would say to businesses preparing for the legislation.
Tara is responsible, along with the company's Network Administrator, for GDPR within the business and has been working towards getting the company compliant.
“The task seemed complex at first. Upon investigation we found not all of GDPR is relevant to our business. By using resources from ICO, we very quickly identified what we needed to do and broke it up into manageable chunks.”
What is GDPR?
GDPR will replace the current Data Protection Act 1998 (DPA) by building in more compliance regulations. It is the result of the EU bringing the data protection legislation in line with new ways that data is now collected, used and stored. The new legislation still gives companies a say in what they do with their data but introduces regulations around the type of data held and how it can be used.
GDPR expands on the current data protection legislation which protects people’s personal information. It will bring heavy fines for companies who are non-compliant (up to 4% of annual turnover or 20 million Euros, whichever is higher).
How does GDPR affect business processes?
'Controllers' and 'processors' of data need to understand GDPR. It is the controller's ultimate responsibility to ensure their processors abide by GDPR law. This involves maintaining records of data processing activities, creating procedures to deal with data processing and auditing current personal and customer data to make sure only 'relevant' data is stored.
The Data Controller is the person responsible for data breaches; however, if processors are involved in a breach, they are far more likely to face legal action under GDPR than they were under the 1998 Data Protection Act.
How should businesses prepare for GDPR?
You should familiarise yourself with what GDPR is. Learn how the regulation works and how it differs from the DPA. Using information from reputable sources is key. The ICO (Information Commissioner's Office, https://ico.org.uk/) is a leading resource centre for GDPR, and the exact conditions you must meet to be compliant are laid out there.
You'll need to make sure all employees within the business are aware of the new regulations and procedures which are introduced, and prepare for assessments, as the legislation is going to be taken very seriously. GDPR is being introduced to help keep your business secure and protected.
"GDPR does not have to be scary. There are also free services and advice from local authorities which can help you move forward and not get stuck trying to decipher the legislation."
What software can help with the ‘information security’ section of GDPR?
There are many types of software which can help towards being GDPR compliant. For instance, Titania’s Paws Studio has a version which looks at the IASME recommendations for the Cyber Essentials policy and includes part of the GDPR regulations you need to comply with.
By using the software, you will identify and be able to start fixing the gaps in security. By doing this you will be compliant with certain elements within the GDPR framework.