The General Data Protection Regulation (or GDPR for short) is coming into force on 25th May 2018.
This legislation will govern the collection and storage of personal data throughout the EU, and it applies to you – even after we leave the EU under Brexit.
It may feel like another level of bureaucracy, but the truth is this new legislation is good news for a lot of people. With the ease of collecting data plus the ease by which huge amounts of personal information can be stored, it makes sense that the average person be given a little more control over who knows what about them.
So if you find GDPR annoying, maybe look at it through the eyes of a consumer (which you are too).
GDPR makes it harder for companies to use and abuse the information they hold about YOU.
So while there may be a bit of extra work for you to do as an employer, you are also protected by this law.
And it’s a far-reaching law where the usual risks apply.
If you fail to ensure your business is compliant, you could face hefty fines – up to a maximum of 20 million euros (or 4% of your turnover whichever is higher).
This isn’t regulation you can ignore because it applies to EVERY business – large or small.
If you hold personal data – whether that’s employees or clients – this regulation applies.
And you MUST take action to ensure you’re ready – because there won’t be any leeway and no room for excuses if the law catches up with you.
I understand. You already have too much on your plate. You don’t have time to look into this now, but hear me out.
Take action this month, and you’ll have plenty of time to get everything up and running before May comes around.
Don’t leave it any longer. You know how time quickly slips away when other pressing priorities grab your attention.
And while it may feel like a scary minefield to start with, help is at hand.
So keep reading for a breakdown of what you need to do to get the ball rolling on this crucial matter.
Three steps to GDPR compliance
1. Ensure you understand the scope of personal data
Under GDPR, personal data has a broad definition. In fact, you may be surprised by the business activities that this law covers, including:
- HR records
- Recruitment, and in particular, information about unsuccessful applicants
- Customer lists
- Contact details
- Automated personal data AND manual filing systems
- Scrambled or coded personal data – depending on how easy it is to attribute to that person
Remember, some forms of personal data are categorised as sensitive (including racial or ethnic origin, sex life, and political opinions). Under GDPR, in most cases you’ll be required to ask people specifically whether you can hold such sensitive data.
2. Plan an audit
This is THE most important thing you can do.
There’s a chance the way you currently hold information is sufficient to meet the new GDPR rules, but you won’t know for sure until you conduct an audit.
To help, I’ve prepared a checklist. This covers the things you need to look over.
From assessing the data you currently hold (and whether you really need it), to identifying new processes and checks you must put in place to ensure you’re covered, this checklist will give you a solid grounding.
And if you employ 10 people or more, I’d be happy to help you with your audit – simply get in touch to find out more.
3. Close the gap
With your audit complete, you’ll have a clear understanding of what you need to do to ensure your business is compliant.
This could involve any (or all) of the following:
- Introducing GDPR-compliant HR software
- Writing up new policies and procedures such as how to gain consent, what happens if someone requests access to their stored data, and how to handle requests to delete information
- Designating new data protection roles and responsibilities (such as a Data Protection Officer)
- New training and delivery
GDPR got you confused?
If you’re concerned about your ability to make your business GDPR compliant, I strongly advise you to seek expert help.
Sure, there’s a lot of information out there that provides advice and guidance, but all businesses are different. If you want to feel confident that you’re covered, get in touch.
Sure, there may be some costs involved. You may need to invest in new systems and training. However, these costs will be tiny in relation to a fine.
Can you afford the negative publicity or the hassle of getting caught out by GDPR?
If not, get in touch today and let’s get you compliant.