
Member Article

GDPR – five things every business needs to do now

Daren Oliver, managing director of Fitzrovia IT, discusses five key essentials for businesses to ensure the smooth implementation of GDPR

With the 25th May deadline for GDPR (General Data Protection Regulation) looming, many companies are still unprepared for its potential impact on their operations and are struggling to grasp what the change in regulations really means. Whilst it may seem like a daunting prospect for many, put simply, GDPR will provide one data protection law framework across the EU and new, stricter rules for hosting and processing personal data. Here are five key considerations that every business should be aware of right now …

**1. Tell your staff** It’s no good trying to implement GDPR if the majority of your workforce don’t know or understand the new rules, or the associated implications of not adhering to them. The sooner you act, the better. Consider investing in a training session for your staff from a GDPR specialist who will be able to clearly outline the key areas that are most pertinent to your line of business.

**2. Identify your data** GDPR will regulate any personal data you hold and process for an identifiable natural person including names, addresses, emails, telephone numbers, bank details and other personal, identifiable information. Personal data can be classed as two types: either ‘structured’ - for example, data which is held in an organised operating system such as a database - or ‘unstructured’ data, such as emails, spreadsheets and other digital or hard copy documents. Any personal data in a company’s possession before GDPR comes into force will still need to abide by the new regulations. This means it’s important to identify as early as possible what personal data you possess and the format it is in so you can ensure the applicable rules are being followed. For companies that keep large quantities of data, particularly the unstructured variety, it may be beneficial for them to consult a professional IT service provider to help identify and extract any relevant information quickly and efficiently.

**3. Ensure your data storage is ironclad** Protecting personal data is a key part of the GDPR regulations, so how it is hosted and accessed should be top of the priority list. Copies getting into the wrong hands, lost documents and human error can all contribute to a breach in the new regulations and potentially result in a hefty fine. Limiting hard copies and knowing where electronic data is stored, who can access it, and how, will save numerous headaches. Data security and privacy are paramount, so ensure your cybersecurity software is fully up to date. It’s worth following the National Cyber Security Centre’s advice and becoming Cyber Essentials certified for additional peace of mind.

**4. Update your privacy policy** Get to grips with your company’s privacy policy for processing personal data and make sure it is updated with any relevant changes. A privacy notice, which outlines the main points that link back to your full privacy policy, will help to keep things clear and concise and can be used in email footers, and displayed on your website.

**5. Don’t panic** Remember, as long as you do everything possible to abide by the new regulations and are able to fully demonstrate you are using best practice policy to mitigate data breaches and loss there should be no serious causes for concern. But don’t delay the inevitable. The sooner you get started, the better prepared you will be, and the less likelihood of slip-ups and problems further down the line.

This was posted in Bdaily's Members' News section by Nicola Collins.
