Most organisations will have heard of the new General Data Protection Regulations (GDPR). And I imagine many smaller organisations are waiting to see what happens before starting to worry about implementing new policies and procedures into their workplace. Research from earlier this year by the Centre for Information Policy Leadership and AvePoint showed that most businesses are not yet compliant with many of the core principles of the GDPR, although they are concerned about its impact. 57% stated that discussions regarding headcount, budgets and additional resources had yet to be had. But May 2018 and the official adoption of the new regulations will arrive pretty quickly.
Let’s start with what the GDPR actually is. The GDPR was adopted by the EU Council and Parliament with a view to simplifying regulations and bringing consistency to data protection across Europe. The GDPR updates and replaces the previous Data Protection Directive, 1995, and in doing so also makes it easier for non-European businesses to comply and opens up new opportunities to trade globally through a common framework.
What are the key changes proposed and how does this affect you?
- The painful change is that fines for a breach of the GDPR are fairly substantial, running at up to 4% of the total annual worldwide turnover of the company
- Organisations must prove accountability by bringing in safeguards and changing current organisational cultures of monitoring and reviewing data
- Any organisation that targets EU citizens will fall under this new regulation, even if they are based outside of the EU
- It is vital that consent from consumers with regard to their data is ‘explicit’, and it must be given freely for a specific purpose
- With data breaches constantly popping up in the news, organisations will be under an obligation to report any breaches without delay or within 72 hours to the Information Commissioner’s Office
Here at Innovate Identity we have always campaigned for an individual’s right to privacy, and we are pleased to see that organisations will now be required to set their privacy settings high as standard and also design data protection into the development of their business processes.
It is with the above and also the Privacy Impact Assessments that the team at Innovate Identity can help. Privacy Impact Assessments are to be conducted as part of the regulations when the company is undertaking risky or large-scale processing of personal data. We are aware that this can be a minefield and here is where we can help. We will come in and work with your team to design a Privacy Impact Assessment that is tailored specifically to your organisation and its unique needs. We will sit down with key team members to analyse and review current and future projects and documentation to ensure that levels of risk are low. You will then have a clear report which covers all your privacy risks, suggested changes to how you operate and how to ensure you remain compliant on an ongoing basis.
Starting with a Privacy Impact Assessment for your business will highlight any initial issues that could cause you to fall foul of the GDPR and allow you to amend your policies and procedures before the potential of a very hefty fine for noncompliance.
We are already working with global companies from small startups to large multinational companies and can ensure that privacy is designed right into the heart of your customer journey, to reduce risk and protect your customers, your data and your business.
Get in touch to find out how we can help you comply with the GDPR by emailing us at firstname.lastname@example.org