In an attempt to standardise the way organisations store and use personal data, GDPR is coming into force on 25th May 2018.
Let’s start with the basics: the General Data Protection Regulation is a piece of legislation passed nearly two years ago, with a 25-month transition period written into it. It focuses on the transfer of personal data inside and outside of the European Union, with the aim of standardising the way that businesses can store and use this information.
The key clauses focus on the necessity of consent from an individual before an organisation can hold their data, how that information is stored and used, the appointment of a Data Protection Officer and their duties, and the requirement that new software or services be designed with privacy in mind.
This pertains to any organisation that deals with individuals based in the EU, regardless of where the business is headquartered; firms with a US parent will not be exempt.
The maximum fine for a data breach will also be increased from £500,000 to £20m, or 4% of global turnover – so the implications are certainly serious. On top of that, the reputational damage caused by a breach could prove to be irreversible. So where should you start and what should you do?
2. Work out what your data is:
i) What information on clients and customers do you store currently, where is it stored and how is it used in the business?
ii) What are your processes for maintaining confidentiality of this data?
3. Check that your data usage is compliant:
i) Establish the reason for holding data.
ii) Storage limitation – i.e. how long you hold data for, and what happens to it once that time limit is reached.
If you would like to speak about hiring for GDPR compliance, don’t hesitate to contact our team.
Our next piece will focus on hiring patterns and market analysis.