GDPR preparation: 6 steps to get ready
GDPR - four letters that have been appearing everywhere in recent months and will change everything. For those few who may be wondering what GDPR stands for, the General Data Protection Regulation is a new regulation that aims to address how data is collected, stored, and used, with tougher financial penalties for businesses that fall short of its obligations and standards. Coming into effect on 25 May 2018, it will be the biggest overhaul of data protection rules in over twenty years, so it is of utmost importance for organisations to assess their business activities and make all necessary preparations to fully comply with the rules set out in the GDPR.
Here are the steps you should be taking to prepare for the changes:
1. REVIEW HOW YOU ASK FOR CONSENT
2. OPT-IN VS OPT-OUT
All consent must be opt-in consent; there will be no such thing as opt-out consent. In simple terms, this means that individuals are given a genuine choice and control over how their personal data is used, and must take a deliberate action to opt in. You will therefore need to plan the end of pre-ticked boxes on your website, as you will no longer be able to rely on 'implied consent'. GDPR states specifically that "silence, pre-ticked boxes or inactivity should not constitute consent".
3. HANDLING DATA SUBJECT ACCESS REQUESTS
Under the GDPR, individuals have the right to access the data held about them and to obtain a copy of their personal data together with supplemental information about the processing, for instance the categories of data processed and the recipients. You therefore need to plan how to handle such requests so that you can save precious administrative time.
4. MANAGE THE DATA YOU HOLD PROPERLY
5. BEWARE OF DATA BREACHES
PwC has recently found that the number of fines imposed on companies for breaching data protection laws almost doubled in 2016. With GDPR introducing a duty on all organisations to report certain types of data breach, you should make sure you have the right internal procedures in place to detect, report and investigate a personal data breach. Additionally, it is worth regularly reviewing information from the ICO to keep on top of the latest updates.
6. PRIORITISE AND PLAN
GDPR is all about building trust in an era of mistrust - an evolution of the existing rules, not a revolution. You are probably confused or overwhelmed by it, but no matter how daunting the GDPR journey might look, with careful planning, project management and prioritisation, everything is achievable. This is a great opportunity for your business to review the way it processes data, restructure, reorganise and take all the necessary measures to meet the requirements of the GDPR.
If you have not started your preparations yet, you had better get started today - the sooner, the better. Chris Combemale, CEO of the DMA Group, says: "Despite high levels of awareness, with a year to prepare for the new laws, the number of businesses that believe they will be ready in time has dropped to just over half." So, if you need any help preparing for the GDPR, Tech Essence is here to help you obtain first-party data, as well as give you access to a business network of more than 600 vetted UK data suppliers.