Next May, General Data Protection Regulation (GDPR) will be introduced to the UK. Is your company prepared for the new legislation?
Regarded as the most important change in data protection of the past two decades, GDPR will protect all EU citizens’ data privacy, and enforce changes to ensure that organisations protect people’s data.
Million pound fines or 4% of global turnover can be issued to businesses that don’t comply with the new regulations. So if your business isn’t currently preparing for GDPR, now is the time to start.
- Establish how your organisation handles data
Is your company a data processor or a data controller? Not all organisations involved in the processing of personal data have the same degree of responsibility. Data controllers are liable when it comes to data protection and are held responsible for protecting it.
At the moment, contact centres focus on keeping customers’ sensitive card data safe, making sure none of their card information is stored, transmitted or processed in an insecure manner.
GDPR requires companies to expand that thinking to all personal data, often referred to as Personally Identifiable Information (PII). This includes names, email addresses, account balances and passwords – almost anything that is specific to an individual.
- Prepare your team for changes
All employers, decision makers and key people within an organisation need to know how GDPR will impact them, from day-to-day data management to the penalties received as a result of security breaches.
Carrying out regular training, both in the lead-up to May 2018 and at routine intervals thereafter, will increase staff awareness of their responsibilities.
Proactive preparation is key to ensuring your business is not fined under the GDPR. If you don’t have an existing data breach plan, there has never been a better time to create one.
- Update processes and procedures
The biggest change that GDPR will bring to businesses is the level of accountability they have for security breaches.
The legislation increases the pressure on companies to understand the risks that poor security measures create and to take steps to reduce those risks.
In order to protect data, companies will be required to implement ‘a process for regularly testing, assessing and evaluating the effectiveness of technical and organisational measures for ensuring the security of the processing’.
Privacy must be at the forefront of all processes and procedures.