A recent YouGov survey revealed that although there is less than a year until GDPR, just 29% of UK businesses have started preparing.
Does your business fall into the 71% who are yet to kick start their GDPR preparation? And if so, what are you going to do about it, and when? Do you need to roll out training across your organisation? Do you need to change how you handle your customer database? It’s serious business. And non-compliance means there’s a chance of severe fines from May 2018.
So, what can you do?
- Don’t panic. There’s still 8 months left before enforcement of the regulation begins, but if you haven’t started your preparation, you don’t know how big the job is that awaits you. Play it safe, act today.
- Learn about what is needed and how it affects your organisation. In today’s digital world you’re highly likely to be handling personal data in some capacity and it’s critical it’s managed legally. The ICO has lots of useful resources that detail what GDPR conformance looks like.
- Audit your data and establish what changes you should be implementing.
- Clean up your data. Following your audit you should have a clear idea of how your data is held, how it’s managed and how you need to update or restructure your data to comply with GDPR. In June, Wetherspoons deleted their entire marketing database and started from scratch. You might not want to take such drastic action but the outcome is clear. Moving forward they can now be fully confident that they started from a position of compliance.
- Update lead gathering techniques with clear, affirmative ‘opt in’ options and ensure there are no processes where consent is assumed. Consent is an absolute priority.
- Train your team so they know exactly what GDPR means and what they must do to fulfil data management requirements… whether you’re the boss or receptionist, everyone needs to be on board and aware of (at the very least) the fundamental changes. Could Me Learning’s GDPR e-learning courses help?
- Data breaches. Will you be able to notify the relevant supervisory body of a data breach within 72 hours of you becoming aware of it, as required by GDPR? How will you handle a breach, should you experience one?
- Right to be forgotten. Under the GDPR, every individual will have ‘the right to be forgotten’. Can you implement this with your systems as they are today? If not, what do you need to change to ensure you’re able to react to a request?
- Data Protection Officer. If you employ more than 250, or are a public body, then you will need to employ a Data Protection Officer to manage the data protection processes, data management and compliance under the GDPR.
There is much more to GDPR than what has been listed here and in many cases it will require a strong culture shift throughout an organisation, so that data is respected and handled correctly.
The more you understand, the less painful the transition will be.
Do you have a question?
Whether it is a technical question or a sales enquiry, our helpdesk and sales team will be happy to help.