Top 5 steps for GDPR compliance
GDPR comes into force in May this year, bringing a greater focus on data security and harsher penalties for companies who don’t comply. The law, set by the EU and enforced in the UK by the ICO, focuses on transparency, awareness (i.e. knowing what data you hold), security and the rights of individuals.
The law protects personal data, which covers anything that can identify an individual (including email or IP addresses). All companies hold a certain amount of personal data, whether employee details or large-scale customer mailing lists.
Now is a great time to put key security measures, processes and documents in place to avoid being exposed once the law is in place. Full compliance (if it’s even possible) is difficult. But taking a proportionate approach to get the main things in place is recommended. To help you along the way, we’ve been through what you need to do and come up with our top five steps you should take to protect your business:
1. Delete data that you don’t need
This includes old employee and customer records, old emails and information about unsuccessful job applicants.
2. Ask all of your customers for consent
You need to make sure they are happy for you to use their data for the purpose you’re using it for, such as sending them emails.
It’s important you tell your customers about your security measures and what you do with their information.
4. Get in touch with suppliers
If you’re handing over data, make sure your suppliers only use it in ways you’ve consented to. You should have explicit provisions in your contracts to deal with this.
5. Protect your systems
Make sure your IT security is up to scratch. It’s good practice to try and meet a recognised standard, and it reassures customers too.
The above list isn’t exhaustive but will help you get started. If you process sensitive data (e.g. on children, health or criminal convictions) then you should seek out specialist advice and we’d recommend asking a lawyer to help with any documents.
A big part of getting ready is protecting your IT systems and making sure you have the right security to protect your data. Shiftf7 help clients like you to get their systems protected every day, and we would love to hear from you.