GDPR: What you need to know – part 1
You can’t keep putting it off, 2018 is upon us
The General Data Protection Regulation (GDPR) will come into force on 25 May 2018, to better protect our personal data.
If your business holds the personal data of staff, customers, suppliers and other business contacts, then listen up. Perhaps you’ve been waiting until nearer the time to worry about it. Now’s the time. No, not to worry, to do something about it.
Where to start
Don’t panic. Regular visitors to the THP blog may have seen our earlier posts about GDPR: A non-boring guide to GDPR and 12 things you need to do before 25 May. These give a great (not that we’re biased) overview of what GDPR is and how it will affect your business.
Over the next couple of months, we’ll go into a bit more detail on the 12 things you need to do before the May deadline.
Surely everyone has heard about GDPR
Never assume. Make sure that you and your colleagues know what GDPR is and what it means. Over the next few months you’re going to need to work together to make sure you’re compliant.
You might tell people face-to-face, on a call or you could email them, sending a link to our blog! It’s important that people understand how the changes will affect your business and that there are penalties if you don’t comply.
Do you know what information you hold?
We live in a digital world now. Personal data is sent and received in huge quantities every single day. To review your data protection procedures, you need to know whose data you hold, why you have it and where it came from.
One way to do this is to map your data. You’ll look at what information you hold, where the information came from, how you got the data, how and where you store it, and who has access to it. This may seem like a daunting task but, in order to update privacy settings, we think it’s a necessary one.
Under new GDPR laws, you’ll need to maintain records of how you process your data. So, if you have incorrect personal data and have shared that with another business, you’ll have to tell the other business so it can correct it. Another good reason for knowing what information you actually have.
We’ve got rights
Spend some time checking your data privacy procedure. If someone wants their details deleted from your records, what process do you follow? What do you already do and what changes will you need to make before 25 May 2018?
The GDPR includes the following rights for individuals:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- The right not to be subject to automated decision-making including profiling.
Chances are, you already adhere to many of these, so this part of becoming GDPR compliant should be relatively easy.
That’s all folks (for now)
We’ll follow up with further blogs on GDPR over the next couple of months, so stay tuned. Don’t forget, THP also needs to be fully compliant by 25 May 2018. If you’d like to know how we’re working through this, speak to your local THP office in Wanstead, Cheam, Saffron Walden, Chelmsford or London City. Maybe you’ve got some ideas we could borrow too.