10 easy steps to data protection compliance

Data protection compliance is set to become more stringent, with tougher penalties for non-compliance, when the EU introduces the General Data Protection Regulation (GDPR) in 2018 to strengthen and unify data protection for individuals within the European Union.

The GDPR substantially increases the obligations on firms dealing with EU citizens’ personal data. The penalties for non-compliance are substantial, reaching a maximum of 4% of global revenue, so no company can afford not to be compliant. GDPR also means stricter rules on the classification of what is deemed personal data and how it is handled, as well as tougher, more frequent auditing.

Data Protection Compliance

To help you make sure your company is on the front foot, we’ve compiled 10 easy steps to make your company data protection compliant:

  1. Appoint a Data Protection Officer (DPO) – one of the requirements of GDPR is that each company names a Data Protection Officer (DPO) with direct responsibility for compliance with GDPR.
  2. Register with your Supervisory Authority (SA) – each company DPO will be responsible for working closely with the GDPR SA. Make sure your DPO registers with them.
  3. The 91 GDPR articles – become familiar with the GDPR processes and legislative framework for data protection. Its scope and detail are extensive, so avoid surprises by being informed.
  4. Existing ability to comply – consider whether it’s possible to tweak existing practices and processes to meet GDPR requirements, or whether you have to make significant changes.
  5. Plan ahead – make sure your company has a plan in place to be GDPR ready by 2018.
  6. Data security – evaluate the impact GDPR will have on your existing data security practices and whether any changes will be required.
  7. Technology changes – determine what changes may be required to existing technology as a result of GDPR to support new data management processes, taking into consideration timescales and cost.
  8. Business outcomes – scope the impact GDPR will have on your business outcomes.
  9. Continuous compliance and audit – carry out compliance audits on a regular basis, weekly or daily. At any point an auditor could ask your company to demonstrate compliance, and your company must be able to do so more or less immediately.
  10. Data handling equals high business risk – treat the management of your customer data as high risk and make sure it’s a topic in the board room. Remember that any data breach will not only incur a substantial fine; you’ll also have to explain it to your stakeholders and could end up with bad PR in the media.

Need help? If your business can’t sustain a full-time DPO and you’re unsure where to start, just ask us.