Time is ticking. From 25 May 2018, every business that holds personal data has to be GDPR compliant. If your business is not, you could be risking a hefty fine.
Who does this apply to?
This will apply to most organisations. If you hold or handle data on employees, such as payroll or HR records, or hold customer, pupil or member details, then you will have to be compliant by 25 May 2018.
What is GDPR?
GDPR stands for General Data Protection Regulation. It is EU legislation that strengthens and harmonises privacy rights and data protection across the EU.
GDPR has been written to give people more control over how their data is used. The Data Protection Act 1998 was written before companies such as Facebook and Google existed, before cloud computing, and before the high levels of 'big data' usage that we have now.
GDPR seeks to make it simpler for businesses to comply, while giving additional protection to the public.
What about Brexit?
GDPR takes effect before the two-year Article 50 negotiating period ends, so the UK will still be an EU member state on 25 May 2018 and must comply from that date regardless of Brexit.
What do I have to do to be compliant?
Before the legislation comes into force, businesses have to put in place mechanisms to ensure that any personal data is processed lawfully, transparently and for a specified purpose.
Where you rely on consent as your lawful basis for processing, that consent has to be demonstrated as active: a clear, affirmative action by the individual. Passive consent such as 'opt outs' and pre-ticked boxes will no longer be acceptable.
It is advisable that businesses put in place a clear process to show, for every personal record they keep, the lawful basis for holding it and, where that basis is consent, evidence that active consent was given.
What is the risk?
Fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher, for failing to comply with GDPR.
What is the best way to become compliant?
Get expert help. At Opal we have two options.
- We can provide you with our checklist for self-verification. This may be suitable for businesses with simple data handling and processing, such as businesses with under ten employees that do not supply or market to the public.
- If you handle more data than that, we recommend our verification service, in which we carry out a thorough audit to determine what measures you need to put in place to become compliant, if you are not already. Once we are satisfied that you are, we will provide you with a verification certificate that is valid for 12 months.
In the case of a data breach, evidence that you have the right processes in place and that your organisation has followed them counts in your favour: the supervisory authority must take the technical and organisational measures you had implemented into account when deciding whether to fine you and how much, so documented compliance is your strongest protection against a hefty fine.
Contact us today to find out if you need to become GDPR compliant and what you will need to do to achieve this.