Are you GDPR Compliant? (Interview with Local Consultant)
9th Oct 2017
Lately, the topic on everyone’s LinkedIn newsfeed is the General Data Protection Regulation, better known by its acronym, GDPR.
If you’ve never heard of it, it’s easy to ignore, especially if your boss or senior management have not begun preparations for this new legislation, which becomes law next May. For others in senior positions, it’s easier to say it’s just another regulation that will hardly affect the way business is conducted. However, the ICO, which regulates GDPR, has announced that this is different, and businesses should be ready for when it goes live in 2018. The fine announced with the new GDPR legislation is up to 4% of a company’s turnover if there is a breach.
With the regulation taking effect in May 2018, the Council of the European Union and the European Commission aim to strengthen and unify data protection for all individuals. This means ensuring your consumer and client data is protected. Could you say that your company’s systems and processes are GDPR compliant?
Breaking this down to what it means for you, do you think your CRM system, data storage systems such as Dropbox®, Gmail® or other systems that are used daily are GDPR compliant?
At Corvus, we’ve taken this warning seriously and taken real actions to ensure Corvus are GDPR ready. Recently, we held a breakfast seminar to ensure local Belfast businesses were aware of this upcoming legislation. For some, it was an eye-opener as to the extent of the challenge of ensuring their company’s data meets the new regulations.
Our GDPR consultant, Steven Chambers, spoke at the event. Find out what Steven recommends in our interview on how to start preparing for GDPR:
1. Who should be aware of this legislation?
Everyone, within the EU, who gathers, controls or processes data (information) about people. Companies based outside the EU but dealing with partners within the EU will also have to comply to gain access to data.
2. What makes this legislation different from others?
GDPR provides a common, minimum, standard legislation throughout the EU that governs data protection: countries can add to the legislation. It gives additional rights to people about how their personal and sensitive information is gathered, secured, accessed and destroyed.
3. What do you recommend professionals or businesses do to start preparing and learning about what the GDPR means for them?
The key steps are to understand what information you do hold, how it is gathered and the consent you have for its use, its veracity and currency, its security and sharing arrangements. Along with these steps, you need to consider the compliance of any cloud computing storage you use, how you maintain control of that information and the degree of encryption required.
4. As we are based in Northern Ireland, people may ask: does Brexit have an effect on this GDPR legislation?
None: GDPR was incorporated into UK law in April 2016 and will remain valid under the proposals to carry existing EU legislation into UK law post-Brexit under the “Great Repeal Bill”.
5. Many people would underestimate how GDPR will affect their business. To put it in perspective, how long do you think it would take an SME to be prepared for GDPR?
A business could be ready within 6 months without much impact on their core business. Of course, they can leave it to much closer to the full implementation date, but they risk having to prioritise their activities and redeploy resources.
6. What benefits do you see GDPR having on businesses and new communications in business?
GDPR brings benefits in confident clients, accurate data, more secure information systems and a reduced risk to reputation. The use of information and its sharing will be more secure with security designed into systems rather than “add-ons” after its adoption.
For more resources on being GDPR compliant, please visit www.ico.org.uk. If you missed our breakfast seminar in Ten Square, please email us to request a video of the event or the PowerPoint.
Steven Chambers CMC CMgr FIC FCMI FInstLM MSET