Have you heard that the GDPR (General Data Protection Regulation coming into force in May 2018) will stop dentists ringing patients to remind them about appointments, that cleaners and gardeners will face massive fines that will put them out of business and that the Information Commissioner’s Office (ICO) will deliberately impose big fines to help fund their office?
Not everything you read or hear about the GDPR is true. None of the above is. Unfortunately, there’s a lot of fake news about the GDPR out there masquerading as truth, spread by rumours, gossip, and those deadly ‘twin sisters’, misinformation and misunderstanding.
It’s true that getting ready for the GDPR is a ‘must’ for any organisation, but what does that mean? The challenge of finding out what you need to do, even where you need to start, can seem huge. And finding the time and resource to do this (while continuing with ‘business as usual’) can seem like an overwhelming task.
The truth is there is no ‘one-size-fits-all’ GDPR solution, and what you will need to do will vary depending on a number of factors such as:
- the extent to which you are compliant with the data protection laws currently in force
- how much personal data you process and for which purposes, and how much of that is sensitive personal data
- whether you are, primarily, a ‘data processor’ or a ‘data controller’
- whether you use other organisations to process data for you
- your current privacy, transparency and permission-gaining practices
Our advice is ‘don’t panic’! Take it step-by-step. We are working with a specialist consultancy (Datahelp). They have a 5-step plan – it’s been designed to take your business from where it is now to where it needs to be by 25 May 2018 – and beyond. As well as consultancy services, Datahelp offer workshops on the GDPR and how to prepare for it, including staff awareness training if required.
Are you ready for the GDPR?
New regulations concerning the handling of personal data (names, contact and bank details, etc.) will come into force in May 2018. The General Data Protection Regulations (GDPR) will supersede the Data Protection Act. The new regulations are being introduced to keep pace with developments in digital technology and will be seen by the majority as a toughening up of legislation.
- 200 pages of regulations!
- Greater rights for individuals including the right to be forgotten and easier access to information held
- Consent to use personal data will need to be explicit, i.e. clearly given through positive action on the individual’s part
- To comply, organisations will need to have effective data management practices and policies
- Fines for non-compliance of up to €20 million or 4% of annual turnover (whichever is greater!)
Although the focus in terms of compliance is on possible fines, the reality is that reputational damage is an even greater risk, with breaches of data security and handling (often marketing activity) regularly making national media headlines. The cost involved often dwarfs any fine imposed.
How can a workshop help?
The aim of the half-day workshop is to provide delegates with an understanding of the key points and changes within the GDPR. Focus will be on policy, process and people rather than on cyber security.
Content will focus on what an organisation needs to do to ensure compliance so that by the end of the workshop delegates will have constructed an action plan for their organisation.
If you would like to find out more then please contact us here or call 01920 460 211.