GDPR can be a nightmare for any business, big and small. The legislation was implemented back in 2018, and if mishandled can cost businesses 8% of their profits. The regulations are formulated around 7 key principles, offering a basis for data processing. As this doesn’t offer ‘hard and fast rules’, GDPR compliance can be difficult to navigate and unfortunately offers minimal exceptions for when things go wrong.
Contemplating GDPR in your business is already a step in the right direction on your compliance journey. We’ve compiled some advice to get you on the right track!
1. Do Your Research on GDPR Legislation, and Ensure Staff Training is Up to Date
If a consumer were to make a subject access request to your business – would you know how to handle the situation? It’s important to familiarise yourself with GDPR legislation and establish what it means for your organisation. If you process any personal data, your company is required to comply. Depending on the size of your organisation, you may even be required to appoint a designated Data Protection Officer to monitor your activity and ensure compliance!
It’s vital for key persons within the business to understand and identify potential issues. However, all staff should still be kept informed, remain vigilant and be provided with appropriate training where necessary. Don’t forget: to demonstrate GDPR compliance, keep training documentation signed, up to date and filed away correctly!
The Information Commissioner’s Office offers an abundance of fantastic resources to get you and your staff thinking about compliance, and what is required from your business.
2. Ensure Your Users Are Opted Out by Default, Not Automatically Opted In
Gone are the days when customers were automatically opted in to your marketing efforts. Consumers must now give consent before their data is used, which is why being opted out by default has become the norm. Some organisations even offer a more granular approach, allowing consumers to select the exact channels through which they wish to be contacted. Don’t forget, users may also want to withdraw this consent – and they can, at any stage!
Offering an easy, user-friendly way to do this not only assists your compliance efforts but also increases your consumers’ trust. A clear understanding of how data is obtained is paramount for all parties when it comes to GDPR, so making sure these small changes are in place can make all the difference.
3. Do You Have A Clean Desk Policy in Your Organisation?
Implementing a clean desk policy in your organisation not only keeps the place tidy but can foster positive behaviour when it comes to handling data. Simple things, from locking your computer when leaving your desk to establishing compliant methods of destroying documentation, all fall into this category.
Have you considered:
- What personal data has been left on the whiteboard or flipchart after your meeting?
- What personal data is disclosed on your calendar?
- Is your filing cabinet locked and the key kept in a secure place?
If a breach were to occur, your organisation could be in trouble. Lawpilots have some fantastic insight into clean desk policies for you to consider!
4. Be Actively Ready For a Data Breach
It’s not an ideal situation, but the inevitability of a data breach in your organisation means preparedness is key. With around 65,000 attacks on SMEs a day in the UK, having a plan for this unfortunate situation will make it much easier to deal with.
Prior to a breach occurring, an organisation should have appropriate risk assessment, investigation and reporting procedures in place. If a breach does occur, the ICO expects organisations to contain it and establish the consequences for the individuals involved. Where necessary, organisations are expected to report breaches to the ICO within 72 hours of occurrence, and in some cases to inform those affected without delay.
In the midst of the panic during a breach, your organisation may not follow this logical procedure, leading to difficulty down the line. We recommend reviewing the ICO’s advice on personal data breaches to help you formulate a compliant action plan!
5. Bring in the Professionals
If you can’t quite get your head around it all, we understand! The legislation can become complicated, and individuals often don’t have time in their working day to contemplate, never mind implement, the appropriate changes. Finding a professional who can navigate the regulations and understand what risks your business faces can be the best preventative measure – and that’s where we come in!
Here at GDPR Defender, we can help. Our team are GDPR experts, so your customers can rest assured their data is in safe hands. From an initial audit to identify potential issues to providing assistance with necessary implementations into your business – we take you on a journey toward compliance.