Are you ready for GDPR?
General Data Protection Regulation. Four magical new words added to our business vocabulary that, when muttered, will make you the coolest person at any meeting (or will make people sweat and shudder).
GDPR, as it is affectionately known, will provide one of the largest shakeups to data privacy and will affect both businesses and individuals.
Let’s start at the beginning
Unless you’ve been living in a cave for the last 12 months you’ll have heard about GDPR. In our increasingly data-driven world, GDPR is the most important change in data privacy regulation in 20 years. For the few that haven’t, here are the headlines.
– The aim is to protect the personal data of individuals in the EU, including from data breaches.
– It will harmonise data protection laws across Europe.
– It applies from 25th May 2018 and supersedes the UK Data Protection Act 1998.
– It is still applicable to the UK, despite Brexit.
– It places greater obligations on businesses when processing personal data.
– It provides individuals with more control, accessibility, privacy and a ‘right to be forgotten’.
Why should you care, and what are the potential impacts?
For serious infringements, including a failure to handle a notifiable ‘data breach’ properly, businesses could face fines of up to either €20 million or 4% of annual worldwide turnover (whichever is the greater). A Data Protection Officer (DPO) will be mandatory for public authorities and for organisations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of personal data. A DPO’s primary role is to ensure that their business processes the personal data of its employees, clients, providers or any other data subjects in compliance with GDPR.
Although a lot of people are unsure about GDPR and the potential impact on their business, many of the GDPR’s main concepts and principles are much the same as those in the current Data Protection Act (DPA). So, if good working practices and processes are already in place for personal data, much of the groundwork for meeting the new principles is already done, although the new obligations (breach notification, records of processing, the strengthened rights of individuals) still need to be checked and documented.
Where we fit in
Since 2014, we’ve been fully committed to how we manage information safely and securely. To ensure we are honouring and upholding our commitment, we are audited annually by the BSI.
Much like the rest of the business world, we’re looking at all of the processes involved in where, when and how we use data to make sure we comply with the new regulations. We’re gearing up to make sure we have everything in place well in advance of 25th May, when GDPR kicks in.
Last year we produced over 1,000,000 pieces of employee communications that used personal data. However we utilise data to create personalised HR, benefit and pension communications, it is an integral part of our work. As a result, we have always taken the transfer and storage of client data seriously. This is reflected in our ISO27001 certification for Information Security Management, which we have held continuously since 2014.
The framework we have in place to maintain this certification consists of procedures and policies, including physical and technical controls, to help mitigate risk when transferring and storing sensitive information.
In a nutshell; if you look to partner with us to help create your employee communications, we will always do our utmost to ensure you are in safe hands!
Where can you go for guidance?
We are not GDPR experts – but, because of what we do, we’ve had to get pretty intimate with the legislation. If you are unsure of the changes or need to understand how these affect you from a business or personal standpoint, you can find some very useful resources below: