16th May 2018
With just over a week to go until the General Data Protection Regulations (GDPR) come into effect, are you ready for everything that these new guidelines mean for your business?
Legislation surrounding data protection has been around for a long time, but these new changes mean that data controllers and data processors must be much more aware of their increased responsibilities under the new law. Otherwise, they could face a range of enforcement actions by the Information Commissioner’s Office (ICO), including fines of up to €20 million or 4% of their annual global turnover (whichever is higher).
GDPR requires any organisation that handles or processes personal data to create and maintain a plan to protect the data that they collect, store and use, detail a plan of action in the event of a data breach and regularly re-evaluate their security practices. They should also document all evidence of their compliance.
These new regulations apply globally to companies who process personal data belonging to EU citizens – not just companies located within the EU.
Processing Personal Data
The processing of personal data is any action or operation that is performed on the data. Common types of personal data processing include collecting, organising, storing, modifying and publishing the information (however, these examples are not exhaustive).
Personal data includes:
- Past and present customer and employee information.
- Payroll and pension records.
- Any information retained on members by a club or group. For example: sports clubs or societies.
- Digital activities that are tracked by websites and apps storing IP addresses and/or cookies.
- Customer details stored by websites, including name, address and bank details.
Who’s Really Ready for the Changes?
Cybersecurity insiders, Crowd Research Partners, have carried out a survey which has resulted in the 2018 GDPR Compliance Report. This report has revealed that (at the time the survey took place) only 40% of organisations will be GDPR compliant by the deadline on 25th May 2018, with only 17% of those surveyed already fully compliant with the soon-to-be-new regulations.
With such a small window of time left to ensure that your company is ready for these changes, why not take a look at our GDPR Compliance Checklist for Small Businesses?
Clarisse works on our Customer Care Team to provide all of our customers with the very best care and guidance when using their HR software.