5 Steps to GDPR compliance with SDR
[Updated March 2019] The General Data Protection Regulation (GDPR) came into force on 25 May 2018 and is designed to modernise the laws that protect the personal information of individuals. It replaces the Data Protection Act 1998 and introduces higher regulatory fines for non-compliance and data breaches.
There are many things companies must do to become GDPR compliant and avoid being fined. This is where SDR can help. SDR are experts in providing customised document storage, scanning and destruction solutions for all documents and IT equipment. You can be assured your data is handled securely and that your organisation is ready for the GDPR.
Essential steps to make your company GDPR compliant
1. Get to know your company’s data
Getting to know all the personal data in your business is vital to ensuring you are GDPR compliant. Map where all of your personal data comes from and document what you do with the data, where it resides, who has access to it and any potential risks to the data. Identifying this will enable you to manage your data efficiently and securely.
2. Spring clean your data
The GDPR encourages a more regimented treatment of personal data, so it is advisable to clean up your data, securely removing any data or information that is unnecessary or unused. It is important to consider why you are saving your data, what the benefits and goals are of keeping all of this personal information, and whether disposing of it offers more financial benefit than encrypting it.
Remember, personal data must be disposed of securely and safely to prevent a data breach. SDR are experts in destruction solutions for documents and IT equipment and will help you ensure that your data is disposed of confidentially and securely.
3. Secure your data
A data breach not only contravenes the GDPR and jeopardises your clients’ trust; it could also see you faced with fines of up to €20 million or 4% of group worldwide turnover, whichever is greater. Therefore, it is vital that you develop safeguards throughout your company by implementing security measures to prevent data breaches and by notifying individuals and authorities promptly, within 72 hours, if a data breach occurs.
4. Review documentation
Under the GDPR, pre-checked consent boxes or implied consent are no longer acceptable. Instead, companies are required to gather explicit consent from clients regarding the acquisition and processing of their data. To comply with this, it is wise to review and amend your company’s policies where needed.
5. Plan of action
Under the GDPR, individuals have a lot more control over their personal data. Consequently, businesses must have a detailed plan on how they will obtain legal consent from individuals regarding their data, how they will delete or transfer a customer’s data securely and how best to communicate a data breach. This will minimise risk to your data and build a mutual trust between your clients and company.
The GDPR massively affects how you must handle, dispose of and store personal data. It is best to devise and implement a clear, company-wide plan that details how you manage data in order to comply with the GDPR to avoid data breaches. SDR can assist with all of your needs – contact us today: www.sdr.co.uk 0800 037 7777.