Is your company GDPR compliant?
What is GDPR?
The GDPR (General Data Protection Regulation) came into force within the UK on May 25th 2018. It replaces the Data Protection Act 1998 and places greater obligations on how organisations handle personal data.
GDPR affects all UK businesses that process any information about EU citizens, meaning the way you operate must comply with this new legislation.
Any organisation that collects data, online and offline, must have clear policies and procedures to protect personal data, and adopt appropriate technical and organisational measures to remain compliant.
Under the GDPR, the ICO can impose fines of up to 20 million Euros or 4% of group worldwide turnover (whichever is greater) against both data controllers and data processors.
How do I make my business GDPR compliant?
There are a number of ways to make your business GDPR compliant. From familiarising yourself with your company’s data processing procedures to security measures that will avoid data breaches, here are our 7 steps to compliance:
- GET TO KNOW YOUR DATA:
Map where data comes from, what you do with it, where it resides and who has access to it.
- SPRING CLEAN YOUR DATA:
Securely remove any data or information that is unnecessary or unused.
- SECURE YOUR DATA:
Implement appropriate security measures to prevent a data breach.
- REVIEW CONSENT GUIDELINES:
Review and amend your processes for obtaining online and offline consent.
- UPDATE YOUR WEBSITE:
- EDUCATE YOUR STAFF:
Make staff aware of your data processing policies and the importance of data protection.
- IMPLEMENT DATA PROCESSING POLICIES:
Have detailed policies for subject access and deletion requests and how to communicate a data breach.
Read more about how to make your business GDPR compliant.
Let us help you!
Secure Data Recycling are experts in providing customised document storage and destruction solutions for documents and IT equipment that will help you ensure that your organisation complies with GDPR.