GDPR and Your Business
09 June 2017
Earlier this year, on the 6th of March, the Information Commissioner Elizabeth Denham explained how the new legislation will protect consumers’ information at the ICO’s annual Data Protection Practitioners’ Conference.
“If your organisation can’t demonstrate that good data protection is a cornerstone of your business policy and practices, you’re leaving your organisation open to enforcement action that can damage both public reputation and bank balance. But there’s a carrot here as well as a stick: get data protection right, and you can see a real business benefit.” - Elizabeth Denham
According to the ICO’s website, the new General Data Protection Regulations (GDPR) will ensure that all UK citizens benefit from more rights or more stringent rules around:
- being informed about how their data is used
- data portability across service providers
- being able to erase or delete their personal information
- having access to the personal data an organisation holds about them
- being able to correct inaccurate or incomplete information
- automated decisions and profiling.
GDPR and Your Business
For both SMEs and larger businesses, the preparation really does need to begin now. The new GDPR mean that organisations are going to have to adhere to much more stringent data and privacy rules when it comes to personal data.
Before the deadline of May 2018, they will need to have:
- Carried out an audit of their current data protection practices
- Documented all information held
- Put in place plans to ensure that all data collection procedures will be GDPR compliant.
Smaller businesses in particular may find the amount of work involved in these tasks very daunting and may well not even have the skills available to complete the work. Now is the time for these companies to seek help and advice from third-party sources or consultants, as failure to do so could result in fines of up to €20m or 4% of global annual turnover, whichever is greater. The rules are very clear that no matter who is responsible for the breach, be it a vindictive ex-employee or a malicious cyber-attacker, it will be the company that pays the price. Not only could this be a massive hit financially, but the company’s reputation could also suffer irreparable damage.
If you are confused about the new GDPR and how it may apply to your organisation, want help with auditing or need assistance complying with the new regulations, call solved hr on 07714 790024 or email firstname.lastname@example.org and we will be happy to help.