Member Article

GDPR: the final countdown

The countdown to the implementation of the General Data Protection Legislation (GDPR) is now truly underway. Part of a Europe-wide effort to boost data protection and security, and to provide individuals with greater control over their personal data, many businesses will already be evaluating the way they handle sensitive data. In order to avoid potential fines and reputational damage, it is essential that organisations of all sizes take action to ensure compliance.

The process of auditing personal data held within a business and the way it is managed should begin with a review of the types of data being used and an evaluation of the systems and processes in place to safeguard it. The necessary level of security in place will depend on the type of information being stored and the degree of risk attached to it. For example, most businesses will manage employees’ bank account details for payroll purposes, with a breach of this type of personal data regarded as particularly serious by the Information Commissioner’s Office (ICO).

Under the new legislation, there is a particular emphasis on notification, with individual businesses having responsibility for notifying the ICO of any breaches. Organisations failing to do so could receive a penalty, with severe fines for businesses which suffer serious breaches due to lax data protection and safeguards. Under the new GDPR, those found to be non-compliant in the event of a breach can be fined up to four per cent of global turnover, or €20 million - whichever is highest.

A valuable resource for businesses looking to achieve compliance is the Information Commissioner’s Office website, which offers a comprehensive guide to legislation and its impact on different sectors.

It is also worth considering assigning individuals responsibility for assessing internal processes and managing compliance with the legislation, across all departments. As well as thinking about the types of personal data collected as a business (employee data, customer data or third-party data) it is also important to think about the lifecycle of this data. Considering how personal information is collected, stored, managed and processed in this way helps ensure compliance within handling procedures.

While a great deal has been written about managing electronic data in the run up to the GDPR, it is equally important to prioritise the security of hard-copy documents. Rather than using outdated systems, which send files straight to print, businesses should consider using a comprehensive managed print network. These provide users with increased control over when and by whom documents are printed, helping to minimise security risks.

Cloud-based managed print services also offer a more secure option than traditional hard-drive based systems, making it more difficult to hack print data. However, even with cloud-based systems, it is still vital to prioritise measures such as network security and access protocols.

Options such as lockable filing cabinets, archive boxes and offsite secure document storage can also play a key role in demonstrating that hard copy documents are stored in a secure manner – an important area of the GDPR. For workplaces implementing ‘clean desk’ policies, ensuring confidential data is not left around the office should be a particular focus. Similarly, when it comes to destroying documents, businesses should take time to check these meet the most recent security recommendations. Opting for cross-cut shredders over ribbon-cut machines will safeguard against documents being reconstructed, minimising the risk of them falling into the wrong hands.

Introducing a period of increased scrutiny over data handling practices and bringing severe consequences for businesses that fail to comply, the GDPR requires a fresh and meticulous approach to handling personal information in the workplace. By preparing now, organisations can protect themselves against potential penalties whilst protecting their all-important reputations.

Jacqueline Hills is legal director at Office Depot EU.

This was posted in Bdaily's Members' News section by Office Depot .