As you will probably know, the new General Data Protection Regulations will come into force on 25th May 2018. These new regulations give individuals more control and protection over their personal data and apply to all businesses in the EU that provide goods and services to the public. With fines for non-compliance of as much as 20 million euros, it’s essential that, as business owners, we take steps now to prepare for the new legislation.
If you already use good, reliable and up-to-date systems for your data, then you are well on your way to complying, and the transition to the new regulations should be pretty smooth. Below we summarise what you need to do to ensure you are complying by May 2018:
- Review all of your current data protection policies and identify the data systems you are using, including CRM/marketing systems, databases, finance and HR systems. The new regulations will apply to ALL personal data that you hold. Whether that’s purchase records, mailing lists, photos or feedback forms, it all counts. It might be a lengthy process, but it’s essential you do it!
- Identify how you are currently using the personal data you hold and what you are using it for. When the new regulations come into force, people will be able to request that their data be erased if it is no longer relevant to its original purpose. Individuals will have the right to access their data, so you need to make sure you are clear on what you are using it for.
- Check that you’ve obtained consent for each individual personal data record that you hold, and record how and on what date you obtained it. You must be able to show why you are collecting their data, as people will be able to object to their data being processed or request a copy of it at any time.
- The authorities and your customers must be informed within 72 hours if there is any risk of a data protection breach of any personal data.
- All your staff must be trained on the new regulations so they are up to speed. Individuals will have the right to ask for a copy of all the data you hold on them, so make sure your staff know where to find it!
- If your business has over 250 employees, then a Data Protection Officer must be appointed.