Facebook and the UK political consultancy Cambridge Analytica are all over the news.

There are allegations that personal data was harvested from millions of Facebook users, without their knowledge, to support a targeted social media campaign for the Republican candidate in the 2016 US presidential election.

So the forthcoming GDPR rules can only be good for everyone, and they are the subject of this week's blog.

No doubt you’ve seen, read or heard about GDPR, but what's all the fuss about?

The General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679) applies from May 25, 2018.

GDPR seeks to improve the transparency and security of how an individual's personal information is collected, stored and used. In the UK it replaces the Data Protection Act 1998.

GDPR applies to any organisation that processes the personal data of people in the EU, including the UK, wherever that organisation is based, so a business outside the EU that sells to or monitors people here is caught too. The UK government has confirmed the rules will remain in UK law after Brexit.

UK businesses must comply with these regulations or face substantial fines. GDPR itself imposes administrative fines rather than prison sentences, although some data offences can still be prosecuted as crimes under separate UK law. The greater risk for most businesses, however, is the reputational damage that follows a breach of the new regulation.

The Information Commissioner's Office (ICO) is the UK's data protection regulator and represents the UK among the European supervisory authorities. Many businesses are unsure how GDPR will affect them or what changes they need to make. The key message is: don't panic.

Will it affect my business?
If your business holds or processes personal data on anyone, whether internally (staff and job applicants) or externally (customers, suppliers and subcontractors), in the UK or across the EU, it falls within the regulation.

This new regulation has been created to protect individuals. In our digital world, there are increasing concerns about the theft of personal information through cybercrime.

There is also the risk of incorrect data causing a mortgage application to be rejected, of more junk mail, and of targeted scams, to list but a few examples.
Companies will be held accountable and liable for regulation breaches, whether by intent or negligence.

Giving individuals back the control over what happens to their information is a key tenet of GDPR.

Consent is one of several lawful bases for processing personal data, and it is the one most small businesses rely on for marketing. From May 25, where you rely on consent to process an individual's data, that consent must be freely given, specific, informed and unambiguous, and you must be able to show a record of it.

You will no longer be able to rely on assumptions, pre-ticked boxes or silence.

People must make a positive opt-in for you to store their information and then also choose to receive information from you. Confirming that choice by email (double opt-in) is not spelled out in the regulation, but it is the simplest way to prove the consent you hold is genuine.

You must also provide a simple way for people to withdraw their consent: withdrawing must be as easy as giving it.
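What this looks like in practice is a consent ledger rather than a single "marketing = yes" flag. The example below is written for this article and is not code from the ICO, Blue Shadow or any product; the purposes, wording, addresses and secret key are constructed. It records the exact wording shown and where it was collected, refuses to log a submission whose box was pre-ticked or left unticked, issues a signed confirmation token for the double opt-in email, and makes withdrawal a single call that the send-time check then honours.

```python
# Added example: a double opt-in consent ledger with signed confirmation tokens
# and withdrawal. Illustrative code for this article, not from any real product.
import hashlib
import hmac
import time
from dataclasses import dataclass
from typing import Optional


@dataclass
class ConsentRecord:
    """What you need to demonstrate consent: who, for what purpose, the exact
    wording shown, where it was collected and when each step happened."""
    email: str
    purpose: str
    wording: str
    source: str
    requested_at: int
    confirmed_at: Optional[float] = None
    withdrawn_at: Optional[float] = None


class ConsentLedger:
    def __init__(self, secret: bytes, token_ttl: int = 48 * 3600) -> None:
        self._secret = secret          # server-side key for confirmation tokens
        self._ttl = token_ttl          # how long a confirmation link stays valid
        self._records: dict = {}       # (email, purpose) -> ConsentRecord

    def _mac(self, email: str, purpose: str, issued: int) -> str:
        # Token binds the address, the purpose and the issue time together.
        msg = f"{email}\x00{purpose}\x00{issued}".encode()
        return hmac.new(self._secret, msg, hashlib.sha256).hexdigest()

    def request(self, email, purpose, wording, source, box_ticked, box_default_ticked, now=None):
        """Step 1: record a pending consent and return the token to email back.
        An unticked box, or a box that was ticked by default, is not an
        affirmative act, so refuse to record it at all."""
        if not box_ticked or box_default_ticked:
            raise ValueError("no affirmative opt-in; nothing to record")
        issued = int(time.time() if now is None else now)
        self._records[(email, purpose)] = ConsentRecord(email, purpose, wording, source, issued)
        return f"{issued}.{self._mac(email, purpose, issued)}"

    def confirm(self, email, purpose, token, now=None) -> bool:
        """Step 2: the person follows the link in the confirmation email.
        Only a valid, unexpired token for this address and purpose counts."""
        rec = self._records.get((email, purpose))
        if rec is None:
            return False
        try:
            issued_str, mac = token.split(".", 1)
            issued = int(issued_str)
        except ValueError:
            return False
        now = time.time() if now is None else now
        if issued != rec.requested_at or now - issued > self._ttl:
            return False
        if not hmac.compare_digest(mac, self._mac(email, purpose, issued)):
            return False
        rec.confirmed_at = now
        return True

    def withdraw(self, email, purpose, now=None) -> None:
        """Withdrawal must be as easy as giving consent: one call, no questions."""
        rec = self._records.get((email, purpose))
        if rec is not None and rec.withdrawn_at is None:
            rec.withdrawn_at = time.time() if now is None else now

    def may_contact(self, email, purpose) -> bool:
        """The check to run before every send: confirmed and not withdrawn."""
        rec = self._records.get((email, purpose))
        return rec is not None and rec.confirmed_at is not None and rec.withdrawn_at is None

    def evidence(self, email, purpose) -> Optional[ConsentRecord]:
        """The record you would produce if asked to demonstrate consent."""
        return self._records.get((email, purpose))


if __name__ == "__main__":
    ledger = ConsentLedger(b"constructed-demo-secret")   # constructed key
    tok = ledger.request("alice@example.com", "newsletter",
                         "Yes, send me the monthly newsletter", "signup form v3",
                         box_ticked=True, box_default_ticked=False)
    print("before confirmation:", ledger.may_contact("alice@example.com", "newsletter"))
    ledger.confirm("alice@example.com", "newsletter", tok)
    print("after confirmation:", ledger.may_contact("alice@example.com", "newsletter"))
    ledger.withdraw("alice@example.com", "newsletter")
    print("after withdrawal:", ledger.may_contact("alice@example.com", "newsletter"))
```

The ledger is keyed on address and purpose on purpose: consent to a newsletter is not consent to share the address with a partner, so each use needs its own affirmative record. A new request for the same address and purpose supersedes the old pending token, so a stale confirmation link cannot revive consent that was never completed.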

Fines will be “effective, proportionate and dissuasive”
No matter the size of your company you must comply with this regulation.

The ICO has already said that it will not be lenient.

Recently, Carphone Warehouse was fined £400,000 under the current Data Protection Act for failure to secure data relating to customers and employees, which allowed unauthorised access to over 2.4 million individuals’ details, putting each one of them at risk of abuse.

That fine could be far greater under GDPR, where the maximum penalty is €20 million (roughly £17 million) or 4 per cent of worldwide annual turnover, whichever is higher.

The ICO has been clear it does not intend to seek out and issue punitive fines to offenders come May 25; it has always maintained that fines are a last resort.

GDPR is about the safety of individuals’ data, not fines.

The ICO knows most companies want to get it right and aims to guide, advise and educate companies on how to comply with the law.

Where do I start?

There's still a lot to learn in a short space of time, but the fact that you’re reading this article suggests that you have already made the first step towards getting your organisation up to speed before May 25.

Right now, it is about getting your business information systems ready so you are GDPR compliant.

Data protection by design and by default is a requirement of GDPR (Article 25) and must run through every element of data control and information processing, from knowing what hardware and software you have and what data it holds, to adopting the procedures, guidelines, standards and policies that an organisation has - or should have!


www.ico.org.uk is the original and best source: it links to the regulation in full, publishes regular updates and gives a plain English summary of what GDPR really means.

While the information is accurate and accessible, the fact remains that the preparation still needs to be done.

One client, Kate Armstrong, MD at Blue Shadow Growth Agency, said: "It took us around 200 hours to understand and implement GDPR-ready systems for our company.

"Admittedly, we have taken a 'belt and braces' approach towards GDPR, given our desire to support the ethical objectives of the new legislation."

As a result, Blue Shadow has achieved not only GDPR Fundamentals accreditation, but Kate has been registered as a GDPR Fundamentals Practitioner, the first in Cumbria.

This means Kate has been recognised as a specialist in information security and data protection and a specialist in the new GDPR Fundamental Management Standards.

Kate explained to me: "As a marketing agency, we knew we had to comply with GDPR, but it didn't make sense to invest in our own preparations for the legislation without sharing our knowledge and experience with other SMEs who could really benefit from it.

"We know there’s no shortage of training on the subject, but we wanted to take a more practical approach by offering the more tangible elements that will make a real difference and deliver value to SMEs and our clients.

"The uptake for our GDPR audit service has been incredible and has included organisations ranging from micro businesses to medium-sized enterprises to national charities."


Want to know more?
Date for your diary: Wednesday April 18, Armathwaite Hall
Blue Shadow Growth Agency and Business Doctors Cumbria have collaborated to deliver two full-day GDPR workshops during April and May. If you are interested in attending please email peterfleming@businessdoctors.co.uk More information will be released early next week.

The May event will be based in Carlisle, date to be confirmed.

If you are looking to grow your business, Business Doctors Cumbria offer a free business health check where we can help you to set a clear vision to understand the steps you need to take to fulfil your aspirations.

Contact Peter Fleming 0845 163 1490 or 07966 686112 or email peterfleming@businessdoctors.co.uk .