Hopefully you will all have heard about the EU’s General Data Protection Regulation (GDPR) by now. It was four years in preparation and was finally approved by the EU’s parliament in April 2016, to be implemented by May 2018, which is coming up fast! However, some businesses are still unprepared for this and still don’t understand what it means for them. So, we’ve put together a little list of what you need to know!
No need to read all the bumf about this at all – what it means in simple terms is that the regulation is designed to ensure that personal data ends up back in the hands of the person it belongs to. It also aims to ensure that organisations are clear about how they handle personal data.
In order to conform with GDPR, you must only collect the personal data that you need. Also, you must only store it for as long as you need it and no longer.
However you choose to store your data, you must ensure it is stored securely. For example, do not store personal data on a USB stick unless it is encrypted, do not leave the data on an unsecured web server, etc. If you are found responsible for a data breach, the fines can be rather high, so make sure you keep it safe.
Ensure this person has been properly trained on what they need to do to ensure data security.
Treat the data you hold the same you would want your personal data held by someone else to be treated!
None of the points above should scare you, even if you haven’t done anything about GDPR yet. However, now is the time to start making sure you have good practices in place so you are not caught out when it goes live on 25th May 2018.