If you haven’t looked at the IT implications for the new GDPR (General Data Protection Regulation) yet, then now is the time to act. There is now less than two months before the new laws come into effect on 25th May 2018.
How does this affect my business and what are the implications?
The new GDPR legislation aims to improve security of private individuals’ data, so a robust system for data protection and backup is key. If you suffer a data breach you must notify the Information Commissioner and all those affected by the breach within 72 hours. All organisations whether inside or outside the EU, need to comply if they process personal data for EU residents. Failure to comply after the new rules come into effect, could result in a fine of up to 20 million euros or 4% of annual company turnover, whichever is greater.
What is required for the new GDPR?
The new GDPR regulations require a review of company policies and security practises. It will involve an evaluation of how personal data is controlled, stored, processed and the security measures in place to protect the data. Organisations are also required to become more transparent in the way they use and collect data. It will also be necessary to inform and train staff, so they fully understand the implications of the new regulations, which may also mean employing a Data Protection Officer.
How do I become fully GDPR compliant?
Firstly, identify what personal data you have stored and where it resides. This could be in many different locations.Secondly, review how the personal data is gathered, used and accessed. Thirdly, put security controls in place to reduce the risk of a data breach. Put measures in place to detect and respond to data breaches. Then finally, keep the required documentation to manage data requests and breach notifications.
What can I do to prepare?
We can assess your security requirements and deploy cost-effective IT security measures to protect your data from the threat of hackers and malware. If you’d like to discuss how M2 can help you prepare for the GDPR, speak to a member of the team on 01293 871971 or email firstname.lastname@example.org.