Are you GDPR ready?
The EU's new General Data Protection Rules come into force this May 25, and as a result, countless businesses must revise how they manage their customers' data. Before the deadline arrives, here are some tips, courtesy of Elephant Self Storage, on how best to manage the change.
4 May 2018
Does your business manage sensitive personal data? If so, you will need to get ready for GDPR and the changes this will bring to your business.
GDPR is the acronym for General Data Protection Regulation and it is a comprehensive reform of data protection that will come into effect across Ireland and the EU on 25 May 2018. It will replace the previous Personal Data Act. Any business that deals with personal information of any sort should be aware that GDPR will affect them. The incoming GDPR will include extensive data security, reporting requirements and, for companies who fail to comply, increased financial penalties.
If a data breach is suffered, businesses have a responsibility to tell those affected and the Data Inspection Board within a 72-hour deadline. If businesses fail to adhere to this deadline, the Data Protection Association can impose a penalty of 2% of the business’s annual revenue or up to €10 million – whichever is higher. Additionally, if a company fails to comply with basic principles, a penalty of 4% of turnover or €20 million, whichever is higher, can be imposed. However, the regulation does stipulate that the fine must be proportionate to the level of the breach.
So how can you prepare your business in advance of the GDPR deadline and ensure you're protecting consumers' data correctly? There are a number of things you can do in advance to prepare your business for when these regulations come into force.
Elephant Self Storage’s five top tips to prepare for GDPR:
- Act now. Learn about GDPR and understand how it will affect you and your business
The purpose of GDPR is to change the way personal data is collected and stored to better protect individuals’ details. Personal data includes: name, address, mobile phone number, email address, bank account and credit card details, driving licence or passport number. Further information including IP addresses as well as economic, cultural or mental health information will all be considered as personally identifiable information. Any document that can identify a person falls under GDPR.
- Raise awareness by spreading the word
Make sure your employees understand the importance of protecting data. It is imperative that each of your employees is fully aware of the implications of GDPR for your business and is confident in the new processes that are put in place. You will have to update your policy and procedures to show customers how and why you are collecting their personal information. You will also be required to indicate where you are storing the information and for how long.
- Appoint a Data Protection Officer or Data Controller
If you are a public company, you will be required to appoint a Data Protection Officer (DPO) within your company. This person will be an expert in Data Protection and will be responsible for ensuring the company abides by the new regulations. There are external training courses available should you need help in this area. Most private companies do not have to appoint a DPO; however, they should have Data Controllers in place in charge of data protection within the company.
- How long are you currently holding data?
As customers will be informed how long you are holding their data, you need to explain why. How long do you need to hold data and what is the maximum amount of time that this information is required? You will need to align clear parameters within the business and across all departments on where and how this information is stored and ensure all employees adhere to this structure. It is your responsibility to guarantee that all information on file is stored securely, whether this is a hard or soft copy, in the cloud or within a secure storage facility. You will also require access to this information within the space of one month should a customer request this.
- Storage solution for paper files
The secure storage of hard copy personal data can be a concern for some employers. While filing cabinets can be locked and offices can improve security through alarms, these facilities are not monitored 24 hours a day and thus can be at risk of a breach of personal information. Off-site storage solutions are cost-effective.
For more details and to view the range of storage units at Elephant Self Storage, check out www.elephant.ie or find us on Facebook.