How will GDPR affect my business - Call Our Team: 0330 333 1234

How will GDPR affect my business?

GDPR, the General Data Protection Regulation, is the biggest change to the way we handle data in a generation. So, to answer the question “how will GDPR affect my business?”, here are the basics you’ll need to know:

GDPR applies to Britain, regardless of Brexit

Brexit won’t save British businesses from complying with these rules. GDPR applies to all businesses doing business with Europe and businesses which hold information about EU citizens. It is, in effect, the first global data protection law as countries all over the world do business with the EU.

The UK government has also said it will apply GDPR in the UK irrespective of Brexit.

So, we all have to comply.

You must have a data controller as well as data processors

The regulations, which come into effect in May 2018, draw an important distinction between data processors, those who use data, and data controllers.

Controllers oversee how data is held, the security measures surrounding it, and how your business’ policies and procedures are communicated to staff. They must also carry out privacy impact assessments where there are high risks of a data breach before projects are begun.

Processors are the people who perform functions using data. For example, the people who send out your marketing emails to your marketing list or the web designers who have access to the IP addresses of your customers. They could be in-house or outsourced.

Both have different responsibilities under the new rules.

So, if you’re asking: “How will GDPR affect my business?”, you’ll have to appoint a data controller and make clear who your data processors are, as well as creating a company data policy in line with GDPR.

The definition of personal data is expanded

It’s now any information which can be used to identify an individual. For the first time, that includes IP addresses and information kept in paper form. It also includes genetic information.

Consent must be sought to collect and store it and you must provide information on what you do with data and how it is stored. Silence can no longer be used as consent. If you alter the way data is used or handled, you must get fresh consent.

People have the right to see what you hold about them and to amend it, and you must tell people the timescale for holding that data.

People also have the right to be forgotten. If they request you remove the data, you must comply.

You must notify authorities of a breach

GDPR says this must be done within 72 hours, so you must have the technology to detect it quickly.

In the most serious cases, businesses will also have to directly inform victims of breaches.

Software systems must include privacy by design, too.

The penalties for mishandling data are much more severe

Now, the maximum fine under the Data Protection Act is £500,000.

Under GDPR, the maximum fine in the most serious cases is up to 4% of a business’ worldwide turnover or 20 million Euros, whichever is the higher.

So, a data breach could, realistically, lead to a business becoming bankrupt. It’s one of the major effects of GDPR on any business.

How will this affect confidential waste?

It’s more important than ever to ensure your confidential waste is handled correctly and shredded securely, both for documents and for old media such as hard drives and USB sticks.

Placing data which could be used to identify an individual in the recycling or in the general refuse could end up with your business facing a hefty fine.

Using a trusted company such as On Time Shred, with years of experience, vetted staff, and secure procedures, will help you ensure your data isn’t compromised. We also provide certificates of destruction.

Dual Media / Paper Cabinet