Hyperext | Are Your Business Systems GDPR Ready?
1185
post-template-default,single,single-post,postid-1185,single-format-standard,ajax_fade,page_not_loaded,,select-theme-ver-3.8.1,popup-menu-slide-from-left,wpb-js-composer js-comp-ver-5.1.1,vc_responsive
 

Are Your Business Systems GDPR Ready?

Are Your Business Systems GDPR Ready?

As of the 25th May 2018, the laws surrounding the privacy of personal data are changing.

This General Data Protection Regulation (GDPR) is an evolution of the 1995 Data Protection Directive and The UK Data Protection Act 1998 that aims to be less of a one-size-fits-all policy.

If your business stores any personal data belonging to EU citizens, whether they are customers or employees (ex or current), which could identify the individuals then the GDPR will affect you, no matter your size or sector.

This personal data includes

  • IP addresses
  • Home addresses
  • First and last names
  • National Insurance Number
  • Medical records

 

Companies who don’t comply with the new guidelines will receive substantial fines of up to 20million euros or 4% of its annual turnover.

We pulled together a few key points based on the ICO guide to preparing for GDPR

  1. Ensure all the relevant people within your business are aware of the upcoming changes and of the impact they will have within your business

 

  1. Make a record of what personal data you hold, where it’s from and where it ends up

 

  1. Learn where your own employees’ data is stored and what it is being used for. Do you have a filing cupboard full of old CVs and contracts or do you keep it all on a database? Either way this needs to be accounted for and verified

 

  1. Identify why you’re collecting the data. There are 6 lawful bases you can refer to. Make sure to update your privacy notice to explain this

 

  1. Prepare for subject access requests. Having a proper system in place to respond to access requests will ensure you meet the new deadlines

 

  1. Check whether your current business systems already comply. Even if your business is using automated systems to handle personal data, it’s still your responsibility to make sure this is in accordance with the GDPR. CMS systems, for example, should store a history of every consent given, including the date given, the subject of consent and how the consent was given.

 

So, is your business ready for GDPR? If you’re concerned about your databases then get in touch with us to discuss your concerns

Emily Wade