The General Data Protection Regulation (GDPR) comes into force on May 25th 2018. It outlines how organisations should manage and protect personal information.
…does it mean?
It means there are no excuses for lack of security by businesses who hold your personal information.
It means that any business that holds your personal information should be fully aware of what they hold, why they hold it and how they are storing it.
It means that consumers should have more confidence that businesses are protecting their personal information and not misusing it.
It means that businesses are now obliged to report data breaches.
…do I need to do to prepare my business for it?
If you haven’t already, you need to conduct a review of all your systems to establish what personal data you are holding. If you don’t know why you are holding the information, then you need to dispose of it. If you have data on systems that it shouldn’t be stored on (e.g. staff emails), this needs to be remedied.
…happens if I don’t comply?
The stick with GDPR is increased fines (up to 4% of global turnover). However, what non-compliance really signals, as a business owner, is that you evidently do not care about protecting the personal information of your customers and employees.
GDPR, in its simplest terms, is purely about doing the right thing in terms of only holding data for a specific business need and ensuring the data that you do hold is kept safe.
…difference will it make?
GDPR should be the catalyst for businesses that aren’t already doing so to start taking the protection of personal data seriously and to appreciate the responsibilities they have on behalf of others.
For more information on GDPR and how to assess what your business needs to do, the Information Commissioner’s Office (ICO) provides free guidance and material, and the London Digital Security Centre can help you to implement it.