5 things you should know about GDPR

Posted by Alex Pavlovic on Mon, Jan 29, 2018

GDPR: four letters that you'll hear more and more over the next few months. 

You probably know that the EU's General Data Protection Regulation constitutes a dramatic change to the way businesses must handle and process personal data - and it applies from 25 May 2018.

But beyond that, most people scratch their heads. Here are five things you should know.


1.  It's got three aims

At its core, GDPR is really quite simple. Its three aims are:

  • To unify and strengthen the protection of personal data for individuals in the EU
  • To give EU residents greater control of how their data is stored and used
  • To control how personal data is exported outside the EU

Everything about GDPR boils down to these three guiding principles. Understanding how your business can fulfill these aims is the first step to compliance.

Personal data is anything that identifies or relates to an identifiable living person - from name and address to social media posts, and on to race, religion, genetic and biometric data, which count as "special category" data and attract stricter conditions for processing. Making sure businesses use the personal data they possess in the right way is the crux of GDPR.


2.  It's tougher than the rest

GDPR replaces the EU's 1995 Data Protection Directive (and, in the UK, the Data Protection Act 1998 that was built on it) and goes beyond them in a few important ways:

  • Unlike a directive, it's directly binding in every member state without national implementing law - and it applies not only to businesses established in the EU, but to any business elsewhere that offers goods or services to people in the EU or monitors their behaviour. Either way, you will have to comply from 25 May
  • It harmonises the differing national data protection laws into a single framework
  • It governs the export of personal data beyond the EU, as well as its use within it

In short, there's no way of avoiding it and it has potentially worldwide reach. On the flip side, a single legislative framework simplifies compliance: nail GDPR, and your business has a compliant data management system that will build customer trust, strengthen reputation and image, and dodge financial penalties. Which brings us to the third point...


3.  It's got teeth

GDPR packs a serious financial punch for businesses found to be in non-compliance after 25 May. For the most serious infringements, fines of up to €20m (£17.56m) or 4% of global annual turnover, whichever is greater, can be imposed on companies not managing personal data properly (a lower tier of up to €10m or 2% applies to other breaches of the regulation). Personal data must be:

  • Processed lawfully, fairly and transparently
  • Collected for specified, legitimate purposes and not used for incompatible ones
  • Adequate, relevant and limited to what is necessary
  • Accurate and, where necessary, kept up to date
  • Kept in identifiable form no longer than necessary
  • Kept secure and confidential

And the business must be able to demonstrate all of the above - GDPR calls this accountability.

If your business isn't complying with any of this, plan how to change it before May!

Some key steps to take include:

  • Creating detailed records of your data processing
  • Documenting your data policies and procedures
  • Training and informing staff about GDPR

We know how it is. You want to focus on the long term, but those short-term tasks stack up, get in the way and take up time. Trust us: setting aside some time for creating and actioning a plan now is the best approach to avoid nasty surprises further down the line.


4.  It will affect your business... even after Brexit

Every business with ties to the EU will be affected by GDPR. Yes, that includes British businesses after the scheduled Brexit date of 29 March 2019.

The Queen's Speech in June 2017 highlighted the fact that GDPR, or something broadly identical to it, will remain in force once the UK leaves the European Union - so complying with GDPR is just as important for British businesses as those on the continent. 


5.  It affects everyone

Where a business has to appoint one (public authorities, and organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of special category data), the data protection officer (DPO) will be the main gatekeeper of GDPR, with tasks like monitoring compliance, cooperating with data protection authorities, and informing and auditing colleagues. But responsibility for data and information security compliance in a business falls on everyone. Let's take a look:

  • Marketing teams must have a lawful basis for sending marketing - in practice usually consent, which has to be freely given, specific and as easy to withdraw as it was to give
  • IT teams must put appropriate technical and organisational security measures in place - and, when a breach is likely to put individuals at risk, make sure the supervisory authority is notified within 72 hours of the business becoming aware of it
  • Customer account teams must make sure customer data is secure, accurate and relevant
  • HR must safeguard employee information
  • And so on!

Data touches all parts of a business. So getting questions answered, gathering information and putting together an action plan for GDPR compliance is absolutely vital.



What you should do now

GDPR will be the biggest overhaul of data protection regulation in twenty years - so get prepared.

Download our free GDPR toolkit for more information and guidance.


Tags: European Data Regulation, EU GDPR

GDPR workshop: 23 February 2018

Posted by Alex Pavlovic on Tue, Jan 23, 2018

Qualsys will be hosting a full-day GDPR workshop at our Sheffield office on 23 February 2018.

Do you know your ARs from your IPRs? Can you conduct a PIA (privacy impact assessment)? Do you know who the data controller in your business is? If, like hundreds of businesses in the UK, you need more information about preparing for GDPR, don't panic. A Qualsys survey in November 2017 found that 87% of businesses don't feel ready.

The General Data Protection Regulation constitutes the largest overhaul of data protection regulation in twenty years - and applies from 25 May 2018.

From that date, businesses found to be in breach of the regulation will be susceptible to fines of up to €20m (£17.56m) or 4% of their global annual turnover, whichever is greater.

It's not surprising that businesses are nervous and scrambling to prepare and adapt before the big day. There's confusion and uncertainty about what compliance means and what steps to take. 


The Qualsys team will be offering expert support and guidance to businesses wanting to inform themselves about preparing for GDPR. Whether you're a Qualsys customer or not, our doors will be open on Friday 23 February for a full-day informative workshop in Sheffield.

Come join us and learn:

  • What GDPR means for your business
  • What to do before 25 May
  • How to conduct a PIA, manage risks, handle security breaches and prepare staff
  • How to manage assets, data types, customers and suppliers
  • Ten top tips from the Qualsys team

And much more. We will provide all delegates with a free information pack (and plenty of ideas!) to take away with them. To provide the most focused and valuable experience we can, places will be limited to ten delegates only on a first-come-first-served basis.

Get the knowledge you need to approach GDPR with confidence.

The workshop is priced as follows:

£399 (Qualsys customers)

£449 (non-customers)


What you should do now

Sign up for the workshop here

Read how our software suite helps businesses prepare for GDPR here

Tags: Governance Risk and Compliance News, European Data Regulation, EU GDPR