GDPR compliant checklist data protection for dummies.

Bullinger Media
May 13, 2018

It’s already here. The General Data Protection Regulation (GDPR) is about to take effect. Are you prepared?

The rules and regulations will affect anyone and everyone holding or interacting with data attached to consumers in the UK and the whole of Europe. The major aim of the regulations is to give consumers more control of their personal data held by companies and businesses.

As a company, you must follow these rules; otherwise you risk fines of 4% of your yearly turnover.

Who is affected by the GDPR? All companies and businesses. Why?

Because the regulations are meant for any business or company that handles, stores, captures or shares personal data, whether it belongs to your employees, customers, etc.

In this post, we will cover everything you need to know about these new rules, their impact on your business, where they apply, and when they take effect. As a bonus, we will discuss how best to implement them and stay safe.

Let’s start.

What is GDPR?

These are rules and regulations developed by the European Commission in collaboration with 28 other states under the European Union. The rules are meant to bring a standardized way to deal with consumer data across the European region and beyond, for those dealing with data belonging to citizens of any of the countries under the European Union.

The only exception to these rules is for those handling data pertaining to businesses.

The GDPR overrides any other data regulations in place before its implementation or adds to them. Are you learning about the new rules now? You are too late. The GDPR rules were passed back in 2016 and businesses were given a voluntary compliance window of 2 years, from May 2016 to May 2018.

The European Union argued that since the old rules were developed and implemented back in 1995, there is a need to review the data regulations so as to address present-day consumer data needs.

Controller and processor.

The GDPR has outlined two important entities: the controller and the processor. The controller defines and outlines how the personal data collected is or will be used. The processor, as the name suggests, is an entity that records, holds or collects the data on behalf of the controller.

This categorization is meant to help the GDPR cover different scopes of the consumer data.

Something interesting about the GDPR rules is that consumers have the right to ask businesses that hold their personal data to delete it when its intended use is accomplished. Although it may seem simple, consumers have no clue how much of their personal data is held by businesses.

Hacks and other accidental data protection breaches.

As stated in the GDPR, when accidental breaches of consumers’ personal data occur, including hacks that compromise the privacy of that data, businesses are supposed to report the incident immediately, within 72 hours from the time they notice the breach. Another scenario that would necessitate reporting is when a business accidentally discloses the details of one customer to another customer, e.g. through accidental emailing.

The consumer whose personal data was compromised should also be notified.

Effect of GDPR on businesses.

With such major rules coming into effect on the 25th of May 2018, the effect they will have on businesses, small or big, cannot be underestimated. At the very least, businesses will be required to review their existing data protection mechanisms.

This will include thinking seriously about how to bring day-to-day activities in line with the GDPR. For a long time, businesses all over the world have not been taking consumers’ personal data seriously. This has sometimes landed businesses in trouble. But with the GDPR everything has to be on point. No excuses.

Does the GDPR have any benefits to the consumer?

The main purpose of the regulations is to safeguard consumers’ personal data. So if there is one group that is bound to benefit most, it is consumers. Some of the things that will definitely change are:

>How privacy notices are worded, to give a clearer explanation of how the consumer has control of his/her data.

>Accidental breaches of data privacy will be easier to find out about.

>Generally, businesses will have a more cautious approach to any consumer data within their reach.

As promised earlier on, here comes the bonus.

How do you comply with GDPR?

For a business to be able to comply with the new rules and regulations, a structured approach needs to be put in place. To implement the GDPR successfully, we advise that you hold onto only the data that you actually need. This will lower your burden since you’ll only be managing data valuable to you.

Consumer data that is no longer useful to you should be expunged from your systems.

The major things that the structure should address are accuracy, privacy, consent, and access.

To manage all of these, businesses should put one person in charge of the data to ensure all this is fulfilled. It also makes one person liable in case any explanations need to be given. The GDPR gives businesses the freedom to use third parties to ensure this is done.

To simplify the job of the data officer or the third party handling your data:

>Map your data.

This will involve sorting the data you already have, or are looking to acquire, into different categories for easier management.

You can consider mapping out categories like existing and prospective customers, employees, suppliers, other businesses’ data, etc.

>Filter your mapped data.

This will help you answer questions like: why are you holding the data, what does the data contain, how long do you wish to hold onto the data, and how or where did you get the data from?

Note that data obtained from third parties should be covered by written consent between you and the third party.

Finally,

Consumers’ personal data will include phone numbers, official names, names, bank account details, IP addresses, home addresses, the nature of purchases, etc.

Following the above guidelines, it’s time to get to work and implement the GDPR rules before the 25th May deadline. All the best.

Isaac (Ishaq Mustaqim)

Media & Local Business Growth Specialist
