BECOME GDPR READY
Is your business GDPR (General Data Protection Regulation) ready?
This new piece of EU data protection law – the General Data Protection Regulation – represents a huge shake-up to the way businesses of all sizes are required to locate, manage, record and protect personal data of the individuals they do business with. It’s all change on 25 May 2018, with no transition period – and there is the potential for business-crippling fines if your organisation is found to be non-compliant.
Key changes introduced by the GDPR
The GDPR will supersede the current Data Protection Act (DPA) and will extend individuals’ data rights.
It introduces a number of key changes to data protection law:
It broadens the definition of ‘personal data’ to encompass an individual’s mental, economic, cultural and social identity.
It changes the rules for obtaining valid consent when collecting data. Consent must be given by a clear and affirmative action.
It mandates the appointment of a data protection officer (DPO) for certain companies.
It requires data protection impact assessments (DPIAs) for organisations that undertake high-risk data processing activities.
Data controllers will have to report a data breach within 72 hours of discovery.
It gives data subjects the right to be forgotten.
It requires parental (or equivalent) consent to process children’s data.
With organisations facing significant fines for non-compliance (up to 4% of annual global turnover or €20 million – whichever is greater), it is imperative that all employees, including senior executives / decision-makers, understand the basic requirements of the new Regulation and how it will affect them.
What is your current position with GDPR compliance?
A critical factor in starting a GDPR project is understanding your current GDPR compliance position. We work through a GDPR Gap Analysis of your organisation’s current level of compliance with the Regulation, which helps identify the key areas that your organisation must address, such as DPO requirements, data protection impact assessments (DPIAs), incident response and data breach notification, and subject access requests.
Develop policies and procedures in compliance with the GDPR
GDPR requires organisations to implement appropriate technical and organisational measures to protect data subjects’ information. SMEs often lack the in-house expertise and resources to develop policies in compliance with GDPR, so pchelpcentre will assist in developing critical documents needed for GDPR compliance.
Call us on: +44 1582 672606 today or email: firstname.lastname@example.org to discuss a no-obligation quote or arrange a GDPR assessment.