Your GDPR Questions Answered
The new General Data Protection Regulation (GDPR) comes into force on 25th May, 2018, giving companies less than one year to prepare. With the introduction of so many new regulations, understanding the GDPR can be confusing. With that in mind, we’ve listed common questions and answers so that your company can become GDPR compliant.
Who does it affect?
As with the current Data Protection Act, the GDPR affects all companies and industries, in both the private and public sectors, that process personal data.
When does the GDPR come into action?
The GDPR will come into action on 25th May 2018. Britain’s exit from the European Union will not affect this.
What action does my company have to take?
Under the GDPR, as with existing regulations, all companies who handle personal data must have security controls in place to ensure the safety of this data. The GDPR is a good opportunity for companies to review and tighten these measures to ensure maximum data security.
In some cases, the GDPR requires companies to appoint a Data Protection Officer (DPO). This independent officer is responsible for highlighting concerns about the company’s data protection compliance and reporting these directly to company management. A DPO is an effective way of demonstrating your commitment to data protection.
SDR are experts in providing customised document storage, scanning and destruction solutions for all documents and IT equipment. You can be assured your data is handled securely and that your organisation is ready for the GDPR.
For more information on what your company needs to do to get GDPR compliant, read our 5 Steps To Prepare For The GDPR.
What are the rights of clients?
Citizens of UK countries will gain greater control over their personal information under the GDPR. They will gain the right to be forgotten, the right to know when their personal data falls into the wrong hands and the right to be informed about the purpose of any data processing, and they will be asked for explicit consent before a company can process their information.
Abiding by clients’ rights is not only the law, but will also increase customer trust and improve overall customer-company relations.
What happens if there is a data breach at my company?
You must notify your company’s supervisory authority within 72 hours if any data breach occurs, and you may have to notify customers.
In the event of a data or compliance breach, the ICO can impose fines of up to €20 million or 4% of group worldwide turnover, whichever is greater, against both data controllers and data processors.
The GDPR massively affects how you must handle, dispose of and store personal data. It is best to devise and implement a clear, company-wide plan that details how you manage data, in order to comply with the GDPR and to avoid data breaches. SDR can assist with all of your needs: contact www.sdr.co.uk or 0800 037 7777.