At up to 4% of annual turnover, the penalties for not complying with the GDPR are significant. But as the clock ticks down to the 25th May 2018 deadline, ensuring that your business is compliant is no simple matter.
The GDPR is the biggest change to data protection in a generation… so how’s your plan for change in your business going?
What does GDPR mean for you and your business?
In short, A LOT. The new legislation is aimed at bolstering the already strong data protection rules, by giving consumers (you and us) greater control over how our personal data is stored and used. The legislation is complicated and far reaching meaning that simply ignoring it is not an option.
Don’t just take our word for it: listen to the Information Commissioner, Elizabeth Denham, on the importance of the GDPR.
What if I or my business is not compliant by 25th May 2018?
Early indications suggest that any business or individual caught breaking the rules will be liable for sizeable fines.
For example, a small infringement could see a business fined up to 10 million Euros or 2% of global annual turnover. For more serious breaches however, the fine could rise to 20 million Euros or 4% of global annual turnover.
Take it seriously. The legislation should not be ignored and the penalties for not being compliant are severe. It applies to ALL businesses of ALL sizes in ALL sectors.
The GDPR requires a significant investment of time to understand before you can decide on the right course of action for your business’s compliance. But where to start?
Some BrighterThinking tactics
Create a project team and allocate roles, responsibilities and deadlines.
Bring together all those stakeholders who have access to, control of, or use of your customer data into a single working group. This includes your marketing team, head of operations, customer services and even your HR team; yes, GDPR even impacts how you communicate with your staff!
Communication and project leadership are key here, so ensure you have a project leader who can oversee all areas of the compliance project, scheduling regular updates and action planning.
Assess all business systems and processes.
Whether you’re a B2B or a B2C business, you’ll be collecting, storing and using consumer data. This may include names, addresses, telephone numbers, email addresses and more sensitive personal data such as payment details and dates of birth. Assess each of your systems for how you are going to record, manage and store evidence of opt-in, and understand what changes you may need to make.
Education. Education. Education.
Even though the legislation is coming, its implications and the best-practice way of applying it to businesses of all shapes and sizes are still being determined. Therefore, it is CRITICAL that you (and your working group) not only understand the GDPR, but also stay up to date with the latest developments.
Don’t forget your staff!
As well as considering your staff’s data privacy, it is really important that those who manage your business data know WHAT GDPR IS, the IMPACT it will have upon their roles moving forward, HOW they can ensure they follow the rules and WHAT to do in the event that data is compromised.
Some useful data protection resources
To get you started, here are some great resources to help you understand and spread the word about the GDPR.
- GDPR – An overview from the ICO.
- ICO internal communications toolkit for organisations.
- GDPR: 12 steps to take now.
- ICO Twitter feed.
- ICO’s GDPR helpline for small businesses.
GDPR & your business sector
View the ICO’s resources to help you comply with your responsibilities to information rights:
Need to get a benchmark of your data and GDPR compliance? These self-assessments will give you a great foundation for understanding where your focus should be:
- ICO data protection self-assessment.
- Getting ready for GDPR assessment.
- FREE ICO webinars on a range of topics.
For more information on the impact of GDPR on your business data, contact a Menzies team member for professional advice.