Comply with GDPR by May 2018 – are you prepared?
What is the GDPR? It is the new EU General Data Protection Regulation, and before you think there is no need to worry about it because we are leaving the EU, we will definitely have to comply with it: it applies to any organisation that deals with any person who lives within any of the 27 Member States. We will also need to comply because, however long it takes the UK to exit the European Union, that exit will potentially come several years after the regulation is implemented. Our own Information Commissioner, Elizabeth Denham, said at a conference in January: “I want organisations to think to themselves: ‘we base our online user experience around what consumers want. We shape our products and services around what consumers want. We need to shape our data protection approach around what consumers expect’.”
So it’s definitely on its way, but why is it so important? The main stick that the regulation uses to ensure an organisation will comply is punitive: a potential fine of up to 4% of annual global turnover or Euro 20,000,000. That’s 40 times higher than the current upper limit for fines set by the Information Commissioner’s Office (ICO) at present – ouch!
All Directors Could Face Penalties
Become GDPR Compliant With Shredded Neat
Here at Shredded Neat we can help you comply with certain aspects of the regulation for the data you already hold, once the various locations of that data have been established as the regulation requires. The traditional form of data storage has been, and for many businesses still is, paper-based: files in filing drawers, ring binders sitting on shelves and documents packed away in archive boxes, either on the business premises or, often, stored offsite in secure storage.
In any event, once all the locations have been identified, you can decide at that stage whether it makes sense to reduce the sheer volume of documentation you hold. Sometimes this can’t easily be done, as most financial records have to be held for at least 6 years, and in the case of a GP’s medical records they must be held for 10 years after the patient has died!
The review that the GDPR requires must also include data held in ‘the Cloud’. The computing resources managed by a cloud provider may be located outside the UK. A large cloud provider may have a number of data centres, each of which could be located in a different country. This distributed architecture can improve the reliability of the cloud service, but it also means that it can be difficult to know where data is being processed and what levels of security are provided, both of which you need to know in order to comply with the regulation.
Contact the Shredded Neat team
With not long to go until GDPR is implemented in establishments across the EU, make sure that you are fully compliant with Shredded Neat’s data shredding services. Call us on 0800 234 6660 to speak to a member of our expert team regarding all things GDPR, or if you prefer, leave us a message online and we will call you back as soon as possible.