Relieving the Burden of GDPR
By Bethany Gordon
The GDPR (General Data Protection Regulation) will change how businesses operate when it comes into effect on 25 May 2018. There’s a mounting sense of panic in businesses of all sizes, which will only grow as ‘GDPR-day’ nears.
GDPR is one of those scenarios where failing to prepare is preparing to fail, so be careful not to develop a false sense of security.
What is GDPR?
GDPR was developed by the EU to address the data protection issues that have emerged as the internet has grown.
GDPR will better protect the personal data of individuals by setting stricter data handling rules for businesses.
While the GDPR regulations place higher demands on companies with more than 250 employees, all companies, big and small, will need to comply with new regulations regarding the secure collection, storage and usage of personal information.
Any business that fails to adhere to the core principles of GDPR could face fines as high as 4% of their global revenue.
How can I be prepared for GDPR?
There are a few things you should do now to ensure you are compliant with GDPR before the regulations are implemented:
- Learn as much as possible about GDPR. GDPR is big news, which means there’s a wealth of information and resources available to help individuals and companies better understand what the regulations will mean for them. The resources we found useful are listed in the resources section at the bottom of this page.
- Get a better understanding of where your business stands. Print a copy of the GDPR Checklist from Hubspot: https://www.hubspot.com/data-privacy/gdpr-checklist. The checklist is broken down into 4 sections: Assessment; Project Plan; Procedures & Controls; and Documentation. Work through the checklist, ask questions, make notes. Every business is different, but this practical guide will help you understand where your business stands in terms of GDPR compliance.
- Consider adopting ISO 27001. When GDPR comes into effect, large companies (more than 250 employees) are required to employ a Data Protection Officer (DPO), who will be responsible for ensuring the business collects and secures personal data responsibly. Small companies are not required to hire a DPO. Because they lack dedicated data protection personnel, it is assumed they will struggle to meet the requirements of GDPR. To comply with the regulation, and avoid crippling fines, small companies are advised to adopt best-practice standards, for example ISO 27001.
What is ISO 27001?
ISO 27001 is an information security standard. It is considered by many to be the foremost and most rigorous of all the best-practice information security standards.
ISO 27001 formally specifies how to establish an Information Security Management System (ISMS), which demonstrates to stakeholders and clients that the organisation’s approach to information security management can be trusted.
A business certified to ISO 27001 will have the upper hand when GDPR comes into play, as the changes required when the regulations take effect will be limited.
While competitors scramble to make changes, the organisation that adheres to ISO 27001 can conduct its business with confidence.
Get ready, get set, go!
With this in mind, we would urge businesses not to wait for all this to pass. GDPR is coming, there’s no escaping it!
The sooner you begin preparing, the easier things will be when the regulations are implemented.
Resources
- Data protection self assessment toolkit. ico.org.uk (2017). Available here.
- Dealing with cyber attacks: Your small business will be affected. Lobel, B. (2017).
- Does ISO 27001 cover the requirements of GDPR? NQA, nqa.com (2017). Available here.
- Preparing for the General Data Protection Regulation (GDPR): 12 steps to take now. ico.org.uk (2017). Available here.