Wandsworth Chamber Helping Members Achieve GDPR Compliance
What is GDPR?
The General Data Protection Regulation is a new set of rules that governs the privacy and security of personal data and replaces the Data Protection Act.
GDPR applies from 25th May 2018, and from that date all companies must be fully compliant.
Any fines imposed for non-compliance are required to be effective, proportionate and dissuasive, and can be up to 20 million euros or 4% of turnover, whichever is the greater.
The definition of 'Data' is more detailed than before and includes online identifiers such as IP addresses.
GDPR applies to both automated personal data and to manual filing systems where personal data are held.
In summary, if you keep any customer or staff records you will need to comply with the new rules.
For processing of personal data to be lawful under GDPR, you must identify a lawful basis for the processing and document it before the processing takes place.
You are expected to put in place comprehensive but proportionate governance measures, and in some circumstances privacy impact assessments and privacy by design are legally required.
These measures aim to minimize the risk of data breaches, but they will mean that more policies and procedures are required.
How can Auditel help your business?