GDPR is almost here. Are you GDPR ready?
GDPR introduces a single set of rules for how organisations handle the personal data of individuals in the EU. It extends the scope of Data Protection legislation and demands a much higher level of transparency and accountability for how personal data is collected and used (in GDPR terms, "processed").
Supervisory Authorities, charged with monitoring compliance, will have greater powers to fine and censure organisations that don't comply: up to 4% of annual global turnover or €20 million, whichever is higher.
It's a big deal and no enterprise can afford to do nothing.
What is GDPR?
The biggest shake-up of Data Protection legislation in 20 years takes effect on 25 May 2018. The General Data Protection Regulation (GDPR) increases your legal obligations as an organisation that processes personal data and hands individuals back control over how and why their data is used.
If you're not sure what it's all about or want a simple explanation to help you understand if and how it applies to you, read on to find out more. GDPR is your data protection licence to operate and you can't afford to ignore it.
Do you know about GDPR?
Who does it apply to?
If you process personal data about individuals based in the European Union (including the UK), regardless of where in the world you're based or the size of your organisation, GDPR applies to you. And if you're based in the UK or deal with individuals based here, don't make the mistake of thinking Brexit will save you from GDPR. It won't. The UK Government has already indicated it will incorporate GDPR into national legislation when the country leaves the EU.
There are no exceptions for size or sector: whether you're small or large, public or private, charity or social enterprise, if you process personal data you will need to get ready for GDPR.
What should you do?
Don't ignore it. Not only is it a legal requirement, it's also about demonstrating to anyone whose personal data you process (customers, suppliers, donors, sales leads, employees, etc.) that you handle their personal data responsibly. It's about trust, which, once lost, is hard to get back.
There are 10 steps you can take to get GDPR ready.
1. Make the time and effort to understand GDPR and what it's about
2. Brief others and bring them onboard
3. Identify a lead person on data protection
4. Conduct a personal data audit
5. Decide if you are a data controller or a data processor
6. Establish your lawful basis for processing personal data
7. Review your existing data protection policies and processes
8. Create the necessary audit trail and documentation
9. Ensure everyone understands their obligations
10. Put in place a process to regularly review your data processing and adherence to GDPR
Find out more about each step in my recent blog post 10 key steps for every SME in the race to get GDPR ready.
I've created the GDPR Preparation kit to help you through all 10 steps and give you a way to get GDPR ready quickly and cost effectively.