GDPR

Everything you need to know about the General Data Protection Regulation (GDPR)

From 25th May 2018, new data protection laws will take effect to give EU citizens greater control of how businesses use their personal information. With the increasing amount of data we create, capture and store on multiple devices, the old data protection laws are no longer fit for purpose, which is why these new regulations are necessary. GDPR will affect the way every company holds and uses personal and sensitive data, so business processes and strategies must be reviewed and amended in order to comply. When the new regulations are enforced, businesses must have recorded consent before they can use personal data or risk tougher penalties. A data breach can result in administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater.

THREE AREAS TO REVIEW

It is time to start thinking about your path to GDPR compliance. An individual or team of people needs to take charge of GDPR and assess how the new regulations will affect the processes and procedures across every department. There are three areas to review: Procedure, Technology and Governance.

PROCEDURE

All employees across your business will need to identify the processes they use to gain, store, transfer and manage personal data. By identifying how and why information is used across the business, policies can be put in place to meet the new regulations. A data audit involving all employees is a useful starting point to determine where data is, what it is used for and how much of it there is.

It is everyone’s responsibility in a business to adhere to GDPR. Employees will need to be trained on new data handling policies and understand the importance of keeping to these new procedures, to avoid the fines.

TECHNOLOGY

Technology and software must be able to cope with the demands of GDPR. Organisations will need to document and report on where their data is, how it is collected, how it is stored, who can access it and what it is used for. Security measures must also be tightened to prevent the unlawful sharing of personal information, internally and externally.

Technological solutions can help to:

  • Discover the data you hold
  • Manage your data and how it is accessed
  • Protect your business from data breaches
  • Report data breaches, maintain documents and manage data requests

However, whilst there are applications and tools out there that can be used to assist and accelerate your way to GDPR compliance, these cannot be relied upon alone. There is no single solution or answer to gain GDPR compliance; it is going to be a completely different journey for every business.

GOVERNANCE

Once GDPR is in place, there needs to be a way to govern and monitor how data is stored and processed across your entire organisation. With ‘the right to be forgotten’ also a part of the new laws, someone needs to take charge of data processing operations and ensure all the criteria are met.

Companies with more than 250 employees or public authorities will need to consider appointing a Data Protection Officer: someone who can monitor the organisation's GDPR compliance, serve as a contact point for all data protection queries and monitor internal processes.

USEFUL LINKS

Microsoft Dynamics 365 and GDPR

Microsoft GDPR information

Information Commissioner's Office - GDPR

Want to find out more about GDPR? Get in touch today
