The General Data Protection Regulation (GDPR) will become law on 25th May 2018. This is the biggest data protection shake-up for twenty years and impacts every organisation in the world that processes the personal data of UK and European citizens.
GDPR is designed to strengthen individuals’ rights and give them greater control over their data. Data breaches and data theft, and the catastrophic publicity that goes with them, are now everyday events. Just ask Morrisons, Talk Talk, eBay, Alzheimer’s Society and VTech. Under GDPR, these, and all other organisations, will face fines of up to 4% of worldwide turnover or 20 million euros (whichever is higher).
The onus is on Boards, individual directors and management to understand and comply with the Regulation, and to make the critical changes required to the way in which organisations handle personal data. And the clock is already ticking – there are only 24 months available to make the vital procedural, technical and resource changes required for compliance.
The first issue is to understand exactly what personal data you hold. This is not always simple. Data’s a bit like a river, and sometimes the flow can just be too fast to control. It may flow down the main stream, pause in a deep pool, join another river at a junction, then wander off down tributaries, streams and burns, and disappear – only to bubble up unexpectedly in the middle of an isolated moor. Like a river, data can be full of good and exciting things, or stagnant and disgusting.
It is essential to know what personal data you hold, where it is held, where it came from, how it was collected, what evidence you have that it has been collected and processed legally, with whom it has been shared (internally and externally), on what terms it has been bought or licensed, whether and where it has been archived or deleted, and who is responsible for its safekeeping.
Until all that information is in place, there is no chance that you can keep it clean and up to date, or protect it from external or internal threats. And there’s absolutely no chance you can comply with the Data Protection Act as it stands now – let alone GDPR.
Data Compliant has developed a quick GDPR Compliance Checker – if you’d like to know more about where you are compared to where you need to be for GDPR compliance, just click here, answer the questions, and we’ll send you a free report, including: