GDPR – What do you need to know?

Three things you need to do about GDPR.

The acronym GDPR means General Data Protection Regulation, and it is a big Europe-wide update to the old Data Protection Act of 1998.

GDPR will be applied in all EU member states from 25 May 2018.

Basically, GDPR is about protecting personal information. Loads of personal information is being collected illegally through business databases being either sold or hacked. One part of this new government legislation states that, as a business, if your data is breached you must report it within 72 hours or face a fine of 4% of your revenue.

4% doesn’t seem like a lot, but if you are faced with having to pay this it can be a significant cost.

One thing some people don’t realise is that Brexit will make no difference; GDPR is going ahead no matter what else happens.

For the purposes of GDPR, personal information is defined as name, address, phone number, email address and IP address. Other data, like economic, cultural or mental health information, are also considered personally identifiable information.
Anything that counted as personal data under the Data Protection Act also qualifies as personal data under the GDPR.

Individuals will also have the right to be forgotten and demand that their data is deleted if it’s no longer necessary to the purpose for which it was collected.

Who will GDPR affect?

GDPR will affect every business based in the EU that collects or holds personal data on EU citizens, no matter where they live. It also affects businesses outside Europe that collect the data of EU citizens.

Once the legislation comes into effect, businesses will have to ensure that personal data is processed lawfully, transparently, and for a specific purpose. Once that purpose is fulfilled and the data is no longer required, it should be deleted.

Three things to do about how you collect, store and record personal data and all processing of that data.

  1. Look at where your data is stored.
  2. Check the length of time that you store personal data and decide if it is still relevant. If not, you must delete it. If the individual asks you to delete it, you must.
  3. Always be aware of the governance surrounding access to any personal data, and make sure there is monitoring of who has access to that data.

To explore more ideas or to get free advice and help about complying with GDPR or anything else concerning direct mail or pick, pack and posting, contact us on 0191 4972828
