The General Data Protection Regulation (GDPR) - written about, debated, chewed over and overly panicked about - is an exciting opportunity to manage your data properly once and for all.
The new GDPR regulation is the most radical change to data privacy and security legislation in the last 22 years. If you’re running a business that involves keeping data on EU residents, it’s worth making sure you’re compliant with the new regulation to avoid a fine of up to 4% of worldwide turnover. The deadline for compliance with the new GDPR regulation was 25th May 2018. If you missed it, don’t panic: read our advice articles below.
The GDPR directive was updated to reflect the reality of our present digital era. The internet and the wide use of social media for leisure (and increasingly for business) have transformed how people live and work. Free services are offered to you in exchange for heaps of your personal data. Tricking you into accepting baffling terms and conditions used to be enough to collect and store personal data, but from now on companies can’t do that without consequences.
Among the reasons for the new rules are the increased number and magnitude of data breaches over the past few years. GDPR regulations aim to make the types of data collected, and the purpose of collecting them, transparent to consumers like you and me. Consent has to be easy to understand and easy to give (hence no more “do not tick this if you want to NOT receive emails from us”). Withdrawing permission to process any personal data must be made equally easy.
Data Protection Fines and Sanctions
The fine for not being compliant with certain GDPR articles could go up to €20M or 4% of your annual revenue, whichever is greater. The size of the potential fine underlines the importance of securing any data you hold against breaches and cyber-attacks.
Storing your data securely must be a priority for a business of any size. You must make sure that the data you hold can only be accessed by authorised personnel. Any unnecessary data should be deleted straight away, in line with a data retention policy.
The conditions for deleting data could be twofold:
- The data is not relevant anymore given the original purpose of collection
- Consent has been withdrawn by the individual concerned
A person has the right to access the data stored about them, including how their data was collected, the purpose of collection, the ways it is processed, and how long it is stored.
GDPR regulation involves businesses of any size
Security and encryption can be affordable and simple for small or medium-sized businesses given the many helpful tools available.
Your next step is to determine exactly how GDPR applies to you, and to identify which changes are required to become GDPR compliant as soon as possible. A security breach may happen for a number of reasons: computer viruses, system failures or cyber attacks, to name a few. Once a device is online, wherever it is, you should be considering how the data on it is at risk.
3B Digital can ensure that you are compliant both at the point at which your customers’ data is recorded and on an ongoing basis. Rest assured that if you are well aware of your data management obligations, with us watching your back, you’re in safe hands.
Our Data Security Team
NOTE that 3B Digital Ltd is a technical delivery house; we are not lawyers, and our advice and guidance, especially in matters relating to data security and the like, should be subject to legal review and approval.