Having high quality data about your customers, your target audience, your suppliers and your staff will drive business growth, if it is used effectively. Managing and controlling that data, and how it is used, presents a genuine challenge for any business. That challenge gets greater from May 2018 with the introduction of the General Data Protection Regulation.
Much of the focus on GDPR is on the fines that can be imposed if you do not comply – up to EUR 20m or 4% of global annual turnover, whichever is higher. But there is also the reputational risk that goes with a data breach, as well as the risk that in extreme situations the Information Commissioner could impose an enforcement notice or other penalty that interrupts your day-to-day business operations.
These new rules will apply to you if you:
- keep or use personal data about your stakeholders, whether that is your customers, staff, suppliers or other individuals
- have a website that collects personal data (eg via cookies, an enquiry form or newsletter sign-ups)
- transfer personal data from within the EU to organisations outside the EU – whether that is other companies within your Group, or customers or suppliers overseas
- process personal data on behalf of another company (meaning that you are a data processor).
Fact finding, careful thinking, planning and operational implementation will all be needed. You cannot collect everything, keep it forever and worry about it later.
The Information Commissioner has made it clear that you should be well on the way to building the foundations within your organisation for compliance with GDPR including:
- Securing internal support from Board level down – you should have organisational commitment to compliance with GDPR
- Understanding what information you hold about individuals within and outside of your organisation
- Designing your processes for compliance including drafting of notices and policies, conducting impact assessments, appointing a data protection officer etc.
- Addressing cybersecurity risks and threats
- Training your staff.
How the GDPR team at DMH Stallard can help
How much work you need to do to get your organisation GDPR compliant depends on a variety of factors, such as how data-rich your business is and how compliant you already are with the Data Protection Act.
We will work with you to get you up to the required standard – agreeing a plan for key tasks to be delivered in accordance with set timescales.
To get you on the right track towards compliance we offer:
- A business-wide GDPR Audit document which will allow you to map the flows of data into and out of your organisation, allowing you to then focus on areas of highest risk
- A privacy statement which can be used to tell your staff, customers, suppliers etc. how you will use the data you hold about them
- A training session for your managers or staff, delivered by one of our team, introducing them to GDPR and considering how it might affect your business
- Consultancy services so that your Data Protection Officer or others within your organisation can get guidance from our team on areas specifically relevant to you (up to 5 hours of support included)
- A breach notification form, allowing you to respond quickly to the Information Commissioner if there is a personal data breach (GDPR requires notification to the supervisory authority within 72 hours of becoming aware of the breach, where feasible).
This fixed price package will give you the comfort that you are going to be well on your way towards GDPR compliance.
There may be other support and advice you need depending on your business, including:
- Reviewing internal and external policies and procedures, including privacy policies, data breach response plans, data retention policies, data protection strategies and binding corporate rules, and helping you update these in line with the GDPR
- Reviewing and updating data protection clauses in your contracts with third parties (including contracts with your suppliers and customers, as well as your employment contracts)
- Supporting your Data Protection Officer (DPO) or providing a DPO service (if you fall within the requirements under the GDPR to appoint one).
We will help you to get to an acceptable level of compliance come May 2018, and ensure you continue to meet the required standards beyond then.
The GDPR team has produced a booklet containing a collection of articles on data protection topics in relation to GDPR. Please click here for a copy.