It’s January, which means the countdown to GDPR has well and truly begun. With just 4 months to go, more and more businesses are starting to really worry about how GDPR will affect how their business works. At first, it was only really the finance and IT industries who were rushing around like headless chickens, but now any business owners worth their salt are doing their research. The really savvy ones might have even started putting measures in place to get ready for it. But while the big businesses are getting on board, smaller businesses still aren’t sure what to do. So today, we want to explain to you what GDPR is, and the many areas of your business it will affect.
What Is GDPR?
But first, what is this big bad acronym that has business owners panicking like this? GDPR stands for General Data Protection Regulation, and it’s essentially the EU’s answer to the Data Protection Act. However, unlike previous EU directives (which countries can choose to implement or not, and how), this is a regulation. This means it will apply to all EU countries in exactly the same way. It also reaches outside of the EU to any organisation that handles EU citizen data, regardless of their location in the world. The regulation is actually already in place – we are partway through a transition period that allowed businesses to get their house in order before the regulation comes into effect on the 25th of May 2018.
The aim of the regulation is to unify and standardise data protection policies, shoring up weak spots and creating a strong base for personal data protection. The regulation provides a single set of rules for all member states to follow (including mandatory security notifications, new rules around user consent, a clearer definition of what could be personal data and greater rights for people to access and request deletion of the information companies hold on them). A special council will be created to oversee sanctions and provide guidance.
The Brexit Question
Given the political heat going around at the moment, we need to add a little (non-politically biased) note before we go on. Before you ask, yes, UK businesses will still have to comply even if Brexit goes ahead. Not only will we still be handling EU citizen data (and therefore still be subject to GDPR), but the government have also confirmed that they will be passing GDPR into UK law if we do leave. So no matter what happens, you still need to prepare.
Areas Of Your Business Affected by GDPR
The mistake a lot of businesses are making at the moment is assuming that GDPR will only really affect the IT department. So they are pouring all their time, money and resources into brand new IT systems that they believe will make them instantly compliant. And while it might be true that IT will certainly be hit hardest, that doesn’t mean the rest of the business is off the hook. In fact, there are 5 key areas of every business that will be impacted by GDPR:
Legal – One of the most important areas to be affected is the legal department (if you have one). There are many different changes that will need to be made to contracts, terms and conditions, and policy documents throughout the business to ensure the consent rules are being met. This also means that the legal department will have to review and possibly renegotiate contracts to meet this requirement.
Finance – GDPR will hugely influence the way accounting and financial processes function within your business. Huge amounts of confidential data pass through this department every day, so you need to be sure all of your systems and policies are bulletproof. Because of the volume of data at risk, GDPR will impose heavy penalties on businesses that fail to guard their financial data adequately.
Sales & Marketing – Sales and marketing departments are the front line when it comes to dealing with and acquiring customer data. They are usually responsible for the collection of data, so the consent rules need to be carefully followed. Sales and marketing need to make sure that their teams are addressing customers who have opted in or given their direct consent to be contacted.
HR – GDPR will not only impact the way the business works, but it will also improve the rights of all employees, giving them increased safety, security and control over their personal data. Everyone in the HR department needs to be updating contracts, ensuring that everyone understands their new rights and implementing them.
IT – And of course, the IT department are the first line of defence for all of this data. The IT department is the foundation for the GDPR framework, which is why IT departments are currently running around like mad trying to get the systems updated and everything ready.
At Greenaway, we are working with businesses all over the South to help them get ready for GDPR. While we might not be able to help with the in-depth technical stuff, our expert knowledge and state-of-the-art machines can manage the secure destruction of all of your sensitive data. We can also provide certified destruction certificates, so you can prove your compliance if needed. For more information, just get in touch with us today.