GDPR is almost here, could it be harbouring a nasty surprise for someone you know?
The basics you need to know about GDPR right now.
- GDPR affects everyone who holds data about people in Europe, and everyone in the UK. By Europeans I don't mean EU citizens, I mean anyone whose address is in the EU. Effectively this means everyone, unless you want the extra expense of running two businesses, one for Europeans and another for the British (yes, we are European; we always were).
- GDPR applies from 25 May 2018. I have no doubt that the UK Information Commissioner's Office (ICO), which has adapted to and committed to GDPR, will not rush to levy fines of up to €20m or 4% of annual worldwide turnover (whichever is higher), but do you want to risk it?
- If you process personal data in a way that is likely to result in a high risk to individuals (large-scale profiling, systematic monitoring, special-category data such as health records), it is mandatory that you carry out a Data Protection Impact Assessment (DPIA) in keeping with GDPR requirements, and then act on every recommendation before the processing begins. If the DPIA leaves a high risk you cannot mitigate, you must consult the ICO before going ahead. Failing to do a required DPIA is not an excuse, it is an extra breach to be dealt with. Not carrying out the changes in time is a very serious offence. You don't want to go there.
- For the majority of affected businesses, compliance will drive significant process change and in most cases anything from a little to a substantial level of IT systems change. You know how long these changes can take and how complex a seemingly small change can become when understood. Don’t wait too long.
- Like all regulatory environments, it will be critical that everything, beginning with the DPIA and continuing thereafter, is documented correctly, and that the documents are stored and handled in the right way and are of the right format and content.
- It will probably be expensive and you will need to budget for it.
- You will definitely have to train staff, to different degrees depending on their role.
- You may need to appoint a Data Protection Officer.
- People with the skills and experience to deliver this work for you are thin on the ground and in high demand.
- It’s already late in the day for some businesses.
Visit the Information Commissioner's Office (ICO) website for some useful guidance.