- 5 November 2018
- Posted by: Staff
- Category: Brief consultancy, Europe
If you feel like your business isn’t GDPR compliant, here’s a step-by-step guide to ensure you’re sufficiently prepared for the future.
Despite the General Data Protection Regulation (GDPR) having come into force on 25th May 2018, there are still a lot of businesses that feel they aren’t prepared for the effects it will have on them in the future.
The Information Commissioner’s Office (ICO), which is responsible for the implementation of the GDPR in the UK, still regards supporting businesses in making the transition as its core responsibility.
That is probably why it has issued only one fine (as of November 2018) under the new regime.
However, you’d be foolish to ignore the significance of GDPR, as this leniency will undoubtedly come to an end, given that complaints and breach notifications have increased hugely since May.
So if you’re still not sure what you need to do to be compliant and are unaware of any future changes, don’t panic: here’s everything you need to know.
The state of GDPR
According to research, 63% of UK businesses believe that they are compliant. However, that means 37% don’t.
Therefore, the ICO’s expiring ‘grace period’ should be taken very seriously if you feel your business falls into the latter category.
Surprisingly, further research revealed that businesses in the technology sector are the worst offenders, with 42% stating that they aren’t compliant.
The question is: where do you fall?
Steps to ensure you’re compliant
Whether you’ve knowingly been avoiding making the necessary changes or simply aren’t sure about the whole subject, the ICO treats both the same. Start by asking yourself:
- Do I hold customers’ data – including their addresses, contact details or banking information?
- If so, how did I obtain that data? (Did I ask for their permission, or did I buy it from a third party?)
- When obtaining it, did they specify how I can use it? (E.g. only for sending statements and not for marketing purposes.)
- Can I prove what they agreed to?
These are just some of the questions you need to address when it comes to staying compliant.
Moving forward, you should follow these key steps:
- Carry out practical testing and find out which areas of your business aren’t compliant.
- Make a sufficient plan to rectify these issues and support the whole business.
- Hold a meeting with every member of staff to inform them about everything there is to know about GDPR.
- Reiterate to your staff the consequences of failing to adhere to GDPR – including the potential fines and the implications for their employment with your company.
Whatever you do, just remember that every member of staff could be involved in handling data – not just the IT department.
For instance, a marketing professional uses the contact details of prospects to try to sell them goods or services, while a cashier in a shop or at reception handles sensitive card information.
So you should cover every aspect of your business if you want to avoid a fine of up to 20 million euros or 4% of your global turnover.
A practical alternative
If you don’t have the time, or are still unsure which areas of your business GDPR affects, it might be worth hiring a professional.
Here at EBA, we can formulate a personalised plan based on your company’s goals to ensure not only that you’re GDPR compliant, but also that you continue to generate custom moving forward.
The confusing part about GDPR is that there isn’t a definitive checklist for you to tick off. But with the right guidance and knowledge on how to create a tangible set of procedures, you’ll drastically reduce the likelihood of breaching GDPR stipulations going forward.
For more details on how to get your business up to speed with GDPR, get in touch with us today.