GDPR: Is Your Business Ready for May 25th 2018?

On 21st Feb 2018 I attended a GDPR seminar with Decisive:it and Whiting & Partners. I am keen to share the knowledge I gained from this very informative seminar. I am pretty sure it will help your business in some way.

What does GDPR stand for?
General Data Protection Regulation (Previously Data Protection Act 1998).

What is the Purpose of the General Data Protection Regulation?
The purpose of the General Data Protection Regulation is to make companies large and small responsible and accountable for all data stored within your business. That means every single piece - including that stored on paper and electronic data.

What Businesses are Affected by GDPR?
If you answer yes to the following questions, GDPR affects you and your business:

• Do you store your customers’ contact information?
• Do you manage personal data on behalf of customer(s)?
• Do you create invoices with customers’ details?
• Do you send email marketing campaigns to your customers?
• Do you have a website with a contact form or newsletter sign-up form?
• Do you have an existing data policy? Is it up-to-date?

How Do I Get Compliant?
There is a very short time to get compliant - between now and 25th May 2018 (even though the new policy was released two years ago!). The consensus is that if you already have a data policy, as long as you are making steps to upgrade it to the new regulation you won’t have ICO knocking at your door. Similarly, if you don’t have a data policy in place, start work on it now. You need to show that you have made a good start by 25th May 2018.

Brief Guidelines For Creating Your first Data Policy?
If you are a small business, you need to create your own data policy document that describes:

• The types of data you hold
• The volume of data
• Whether it is sensitive, high or low risk data
• How you obtained your data
• Why you obtained it
• How long you plan to retain it for
• Where you store it e.g. what software and what hardware you use

You need to show you understand how to keep your data safe and the risks your business administers by holding the data. You also need to show that you know how to report any data loss if you have a data breech.

Support for GDPR:
The Information Commissioner’s Office (ICO) has many resources to help get you GDPR ready.

• GDPR: 12 steps to take now
• Getting ready for the GDPR checklist