If not, our GDPR Gap Analysis Service is exactly what you need!
What is GDPR?
Standing for General Data Protection Regulation, it is the EU regulation that brings together the different privacy and data laws in countries across Europe. It will replace the Data Protection Act, leading to a new law (yet to be announced) in the UK that brings us in line with our European neighbours.
But we are leaving Europe, so why does it apply?
No matter what shape Brexit finally takes, as businesses trading across Europe, we will still be bound by its rules, even when we have left the European Union.
What are the basics of GDPR?
GDPR is a lengthy document and it comes into force in late May 2018. You need to be compliant by this time, as failure to do so could lead to a hefty fine.
The basics of GDPR include:
- Awareness – there are significant changes within GDPR that everyone in your organisation needs to be aware of
- Information held – where you get your information, why you gather it and why you hold it are key questions you need to ask
- Privacy information – this needs to be much clearer for your clients and consumers to understand, and staff too
- Individual rights – it is not just about the ‘right to be forgotten’ but about data portability, having inaccuracies corrected and so on
- Access requests – people may request to see what information you hold on them and you must respond and NOT charge for this service
- Legal basis – there is a change in the legal basis of how and why data is stored and when people want to access it
- Consent – a grey area in the past, GDPR is clear; just because someone consented to your holding their information last week, doesn’t mean they do so today!
- Minors – holding data for those under the age of 13 in the UK can only be done with parental permission – and the information for children must be written in a way that they understand
- Data breaches – when there is an unauthorised breach of data that you hold, under GDPR the rules for notifying regulatory authorities are widened
- Impact assessment – when high-risk situations demand it, you will need to carry out a Data Protection Impact Assessment
- Data protection officers – larger organisations may need to employ someone with suitable experience to manage GDPR across their organisation
Fines for non-compliance
There are hefty fines for non-compliance – up to €20 million or 4% of your global revenue – thus, not being compliant, or thinking it doesn’t apply to you, is not a risk worth taking.
And this is why we have launched our GDPR Gap Analysis Service. We take an objective, holistic approach to assessing whether your business is GDPR compliant and what needs to be done to strengthen it.
How can we help you?
If you’re in need of assistance with any aspect of GDPR compliance, here at Synergos we’d be delighted to help. Whether you have questions about the path to compliance or are looking for advice and support to maintain compliance, call 01484 817 444 or email email@example.com and we’ll be happy to talk it over with you.