
The Roc Search Blog

Your Last Chance To Get All Your GDPR Questions Answered

26 March 2018

How fast time goes. Only 9 months ago we wrote about 5 things you need to know about GDPR, The General Data Protection Regulation. And it all looked so far away. But guess what; we’re only two months from the implementation on May 25th. Are you ready? Are you compliant? Or did you leave it to the last minute?

Here is your last chance to get your most important questions answered. And then it’s up to you to get ready for it. 

Q - What is the GDPR?

A - The General Data Protection Regulation (GDPR) will come into effect in May 2018. It is the biggest change in data protection rules over the last two decades. The GDPR affects all organisations. It introduces a range of obligations for companies to ensure that personal data of EU citizens is securely and effectively protected. Breaches of the Regulation can lead to severe financial penalties, bad press, damaged reputation, loss of trust from customers, loss of business and for employees the prospect of disciplinary action.

Q - Who and what does the GDPR apply to?

A - The GDPR relates to the personal data of people living in the EU. If an individual can be identified by that data, then it is within the scope of the GDPR. General business data, like work telephone numbers or group mailboxes, are not within the scope of the Regulation.

Q - How do I prepare for the GDPR?

A - Before you do anything, you should complete an online survey tool that highlights the key areas your organisation will need to improve upon. This online tool can be found here on the ICO website. The ICO website also provides an online tool that assesses your high-level compliance, including registration, fair processing, subject access, data quality, accuracy and retention. You can find this assessment tool here.

Q - Will we need to carry out an information audit?

A - Depending on the complexity of your data, an information audit may need to be completed across your organisation or within certain business areas in order to assess the data. It will assess what personal data is held, where it came from, whom it is shared with, and what the lawful reasons for processing this data are.

Q - Do we need to record all actions taken towards compliance?

A - A requirement of the GDPR is that all actions taken towards compliance are documented. If a breach occurs you will then have supporting evidence to assist the ICO to help mitigate any potential penalties. 

Q - What are the penalties if we do nothing?

A - When the GDPR is enforced from 25 May 2018, organisations that breach the Regulation will face dramatically increased fines. From a theoretical maximum of £500,000 that the ICO could levy, penalties will reach an upper limit of €20 million or 4% of annual global turnover – whichever is higher.

Q - What do we do next?

A - Here are 9 steps that can help you in the process to become compliant:

  1. Check whether your organisation needs to register with the Information Commissioner’s Office
  2. Employ a dedicated Data Protection Officer (if required)
  3. Assess current compliance levels
  4. Carry out an information audit
  5. Devise a GDPR compliance plan
  6. Optimise existing systems and processes
  7. Document best practices for handling data
  8. Train all employees for effective data handling
  9. Record all actions taken towards compliance

Don’t ignore the GDPR. From the 25th of May, every company is expected to comply. Make sure you are ready. And don’t think that because of Brexit you won’t be impacted. One reason for this is the cross-over period between the GDPR coming into force and the UK exiting the EU. The UK must comply with the Regulation while it is still a part of the EU. Another reason is the international reach of the GDPR. UK companies continuing to do business with the EU after Brexit will need to comply with the Regulation. So over to you now. Are you ready? Did you experience any challenges that you would like to share? Why don’t you put in a comment for this?
