GDPR goes into effect on the 25th May 2018. It applies to all businesses that collect, store and/or process the personal data of EU citizens. This means customer data and employee data.

What is GDPR?

The General Data Protection Regulation (Regulation EU 2016/679) is mandatory for all EU Member States. Adopted by the European Council and European Commission in April 2016, its objective is to unify data protection for all individuals within the EU, and improve individual access to their own personal data.

Why does it matter to businesses?

GDPR protects your company’s data against targeted attacks and security breaches. It also creates trust in your customers and employees, reassuring them that you are using their information in the most responsible way possible, which is vital in a time of heightened anxiety around digital privacy.

How do we prepare for GDPR?

There’s still time to get ready for GDPR.

Start by establishing how you process and manage data:
– What personal data do you hold? (Including employee data.)
– How do you use it and where?
– Who has access to this data, both within your business and among third party providers?
– Do you have procedures in place to take on requests from data subjects to modify, delete or access their personal data? If not, you’ll need to put procedures in place.

If you already have a data privacy policy, ensure it complies with GDPR:
– Make sure your data privacy policy is easily accessible through your company website.
– Make sure it tells your users about: a) how data is used on your site (i.e. cookies, analytics, contact forms, etc.); b) their right to withdraw at any time; c) (if relevant) your data protection officer (DPO).

Consider your web forms:
– Make sure that any online forms (newsletter subscriptions, web forms, etc.) give users an option for consenting or not consenting to the processing of their personal data.
– Make sure that you make clear exactly in what was you will use their data.
– Make sure you integrate an unsubscribe link in your communication emails to give users the option to opt-out from the collection of their data at any time.

Lastly, involve your team…

With the right understanding, your team can help ensure the effective management of individual data: know its importance, and what makes it compliant. Drawing people together to prioritise preparing for GDPR will help over the coming weeks, and set up your company for the safest, fairest use of personal data in the future.

If you need any pointers or have any questions relating to GDPR with which you think we may be able to help, drop us a line or give us a call and we’ll provide any information we can to help to make the process smoother.