GDPR – It hasn’t gone away.

What is GDPR?


General Data Protection Regulation – designed to protect data relating to European individuals that is held by companies.

What does that mean?


  • It means you have to put in place procedures and documentation.
  • To make you aware of the personal data that you are storing and using within your business.
  • To make you accountable for that information. The buck stops with you (or your provider or both).
  • To make sure you protect the information.
  • To make sure you are legally entitled to hold the information.
  • To protect the people whose data you have. It provides them with more control.


What does it mean for SMEs?


  • It means you have to become data aware.
  • Know what data you hold.
  • How to protect the data – increased protection and security.
  • Makes you ask the question – should I have this data and/or how long can I hold onto it for?
  • Like any regulation – increased documentation and checklists.


How can you become compliant?


Documentation

Produce and store the required documentation (you will need this if you lose data or if your IT infrastructure is compromised). This documentation will demonstrate that you have made substantial efforts to address the regulation and will mean smaller fines in the event of a data breach.

Protect your data

Look at your data holding devices and make sure they are protected.

Phones / Computers / Laptops / Tablets / Hard Copies

Make sure the data you do have is protected (encrypted). If it is, you may not even need to report a data breach or loss of data.

Antivirus on your business computers provides a layer of protection.

Back up your data – data loss counts as a potential data breach, which can mean fines!

Your backup data should be encrypted before it leaves your computer.

You need to make sure your suppliers holding data about you and your clients are GDPR compliant.

How can I help?

  • I will sit down with you and work out what data you have.
  • Provide help with ways it can be protected.
  • Encrypt devices. Encrypted backups (very important).
  • Protect your networks (that includes home) from attack and infiltration.
  • Ensure privacy by design.
  • Produce the necessary documentation.
  • Talk to your providers and make sure they are compliant.
  • Train staff about security (users are the weakest link... goodbye?)


What happens if I ignore it?

Penalties

20 million euro or 4% of your annual turnover

Reputational Damage

This is potentially more damaging than any fine.