The General Data Protection Regulation (GDPR) will come into force on the 25th May this year, and organisations will have to comply with the new rules or risk facing substantial fines.
The UK currently relies on the Data Protection Act 1998, a regulation introduced at a very different time for the internet and technology. The new regulation will tighten up cyber security and consider new technologies.
In a recent survey, 23 per cent of business owners thought they did not need to securely store and encrypt customer data, 13 per cent did not know whether they did or not, and 26 per cent believed their data was secure but admitted it was unencrypted.
A worrying statistic from the data showed that, despite 73 per cent of business owners stating they collected personal data about their customers, only 27 per cent believed GDPR applied to their business.
The research suggests that many business owners may be confused as to how GDPR will affect their business. There are two main reasons that the new regulation is being introduced: to simplify and merge regulations for businesses across the EU, and to give the public more control over their personal information. There are key steps you can take to make sure your business is prepared for its introduction.
- Do your research into the new regulation to fully understand the changes and how your business will be affected. A starting point could be to audit where all your customer data is collected and stored and make sure this complies with the new rules.
- Under the new GDPR, you must ensure you ask people to positively opt-in at the point of data collection. You must also be explicitly clear about how you will use the data and who you will share it with, as well as informing people of their right to withdraw consent to the use of their data. Make sure you don’t use pre-ticked boxes, or any type of consent by default.
- Make sure you inform your customers about the changes that are being made so they are fully aware of how their information will be stored. You will most likely need to update your privacy notices to cover the GDPR.
For more information on how your business will be affected by GDPR, check out the GDPR Portal.