I'm sure that most of you have heard about the GDPR by now and will have been bombarded incessantly from all directions over the past few months with advice and information on how you should go about getting your business prepared for its implementation.
For those few of you who haven't heard about it yet:
The EU General Data Protection Regulation (GDPR) comes into effect in all EU Member States on the 25th May 2018 and will supersede the Data Protection Act 1998 in the UK. The purpose of the regulation is to enable individuals to better control their personal data through harmonised data protection rules which will apply to all organisations involved in the processing and controlling of EU residents' personal and/or sensitive data. Furthermore, there will be a substantial increase in fines for organisations that do not comply, with regulators now able to issue penalties of up to €20m.
Now you know...
Current data protection legislation is considered archaic and doesn't legislate for the social and technological advances that have taken place over recent years, such as the emergence of social media and life in the digital age. We provide our details, sometimes too willingly, without ever being fully informed as to what's happening to them, who they're being passed on to, what they're being used for or how they're being stored. In a way, the GDPR is being introduced to protect us from ourselves by forcing organisations to be more transparent about their collection, usage and retention of your data and providing more rights to you, the data subject.
So what have Swift Research been doing to become compliant? Well, we've always taken the collection, processing, storage and disposal of all types of information and data incredibly seriously. Nevertheless, the GDPR, with its many regulations, articles and guidelines, has given us the opportunity to review and tighten up all of our own processes, systems and policies. Literature has been read and webinars have been watched. Training sessions and events are being attended. Responsibilities are being attributed and checklists are being checked off. External expert guidance has been sought and DPIAs and LIAs are being undertaken. Policies and processes are being updated. Staff are being kept informed and trained. Suppliers and clients are being checked for compliance. And, amongst the multitude of other things being done, an implementation team is, well, implementing all of the required actions. It's safe to say we've been working hard to make the required changes to become GDPR compliant in order to maintain the safeguarding of your data.
So what next? GDPR compliance is going to become an increasingly hot topic over the next few months, which might not seem possible to some of you. But it is. And it's almost here, it's not going away and it will affect every organisation in Britain, the EU and beyond.
Whether you've started getting ready for the GDPR or would like to gauge how your preparations are shaping up, I'd highly recommend working your way through the guidance and checklists the ICO have provided to prepare for the GDPR's implementation:
https://ico.org.uk/for-organisations/resources-and-support/getting-ready-for-the-gdpr-resources