Last year, the UK government stirred business owners into a frenzy by announcing that the Data Protection Act 1998 will in May be replaced by the General Data Protection Regulation, in accordance with EU policy. The new regulation will be an update on the Data Protection Act, and it’s been a long time coming. The UK Data Protection Act was written before the internet and cloud computing transformed the way we generate, use and store data – both as users and as businesses. GDPR attempts to address these issues and put measures in place to protect data within new technologies. But now with just 4 months to go, it’s time to ask yourself if your business is GDPR ready. Because if it’s not, you risk a fine of up to €20 million. To make sure you don’t fall foul of this, we have a few tips to help you become GDPR compliant before the deadline.
Appoint A Data Protection Lead
GDPR isn’t just a few new rules – it’s an all-encompassing regulatory change, which means it impacts every aspect of your business as you know it. But rather than rolling out a whole bunch of changes and expecting your staff to understand, it’s important for you to assign a data protection lead within your business to deal with questions and issues. It will be their job to create a clear strategy that fosters change in your business, and they should be fully trained in GDPR compliance and have the authority to make changes across the board.
Train Your Staff
The next logical step for you is to train your staff. While your data protection lead will be at the forefront of ensuring compliance, everyone within the business needs to understand their obligations under the new regulation, and how they need to modify their own work practices to meet them. It’s vital that every employee is confident in their role, and understands what the regulations mean for their daily processes and interactions with customers. Training should also include discussions of exactly what should happen if a data breach does occur, and the importance of notifying the relevant parties within 72 hours.
Audit Your Processes
At the moment, your business will have dozens of processes in place for how it handles data, and they will all be compliant with the current regulation. But with the changes, you will need to go back and assess every single aspect of the gathering, storage, use and destruction of confidential, personally identifiable data, and work out if anything needs to change. This full process audit will take time, and will undoubtedly require multiple changes to your business. So it’s better done sooner rather than later.
Get Your Partners In Place
If you’re a small business, you might not be able to handle it all on your own. There are many businesses out there that offer services to aid you in becoming compliant, from cyber security experts who can help you manage data to secure destruction experts like us.
At Hungry Shredder, we help businesses dispose of their confidential data in a simple, secure and GDPR compliant way. Our shredding sacks allow you to collect paperwork, hard drives and other data storage facilities, and have them collected and disposed of securely, with a certificate of destruction provided at the end. In the run-up to GDPR, we are helping business owners across the country put policies in place to tackle the final element of GDPR data handling – the destruction. To find out more, just get in touch with our team today.