Are you GDPR ready?

As you will probably know, the new General Data Protection Regulations will come into force on 25th May 2018. These new regulations give individuals more control and protection over their personal data and apply to all businesses in the EU who provide goods and services to the public. With the fines for non-compliance being as much as 20 million euros, it’s essential that as business owners we are taking steps now to prepare for the new legislation.

If you already use good, reliable & up-to-date systems for your data then you are well on your way to complying, and the transition to the new regulations should be pretty smooth. Below we summarise what you need to do to ensure you are complying by May 2018:

  1. Review all of your current data protection policies and identify the data systems you are using, including CRM/marketing systems, databases, finance and HR systems. The new regulations will apply to ALL personal data that you hold. Whether that’s purchase records, mailing lists, photos or feedback forms, it all counts. It might be a lengthy process but it’s essential you do it!
  2. Identify how you are currently using your personal data and what you are using it for. When the new regulations come into force, people will be able to request that their data be erased if it is no longer relevant for its original purpose. Individuals will have rights to access their data, so you need to make sure you are clear on what you are using it for.
  3. Check that you’ve obtained consent for each individual personal data record that you hold, including how you obtained it and the date you obtained it. You must be able to show why you are collecting their data, as people will be able to object to their data being processed or request a copy of it at any time.
  4. Your company’s privacy policy must be easily accessible to your consumers/clients, and from May 2018 it must be forwarded to individuals where you have collected data on them from third parties (agencies, etc.).
  5. The authorities and your customers must be informed within 72 hours if there is any risk of a data protection breach of any personal data.
  6. All your staff must be trained on the new regulations so they are up to speed. Individuals will have the right to ask for a copy of all the data you hold on them, so make sure your staff knows where to find it!
  7. If your business has over 250 employees, then a Data Protection Officer must be appointed.

 

So if you want to comply with the new legislation, avoid hefty fines, and inspire customer trust, you need to take action now. From 25th May 2018, people will have rights to access their data, correct errors in their data or delete it altogether. Make sure you protect the personal data that you currently hold by using appropriate security measures and systems. These changes are said to be the strictest data protection rules in the world, so make sure you comply!