Published on April 9th, 2018 | by Sarah Jubb
Get Ready For The GDPR
Organisations across Europe are getting ready for the implementation of the EU General Data Protection Regulation (GDPR), the biggest change to data privacy regulation in decades. GDPR is incredibly important and will affect any organisation that processes or holds personal data of EU subjects, regardless of whether it is located in the EU or not.
GDPR was approved and adopted in April 2016 by the EU Parliament and will take force in May 2018, meaning all organisations that deal with personal data of EU subjects will need to make sure they are fully GDPR compliant by this point.
According to the GDPR website, personal data is considered to be any information related to a natural person or ‘Data Subject’ that could be used to identify the person, either directly or indirectly. This means the information can be anything from a photo, a name, social networking posts, medical information, a computer IP address and more.
Tough Repercussions For Non-Compliance With GDPR
If an organisation is found to be non-compliant with the new GDPR then it can be fined up to 4% of its annual global turnover or €20 million, whichever is deemed higher. It could be fined the maximum amount for the most serious infringements, such as not having enough customer consent to process their data.
Organisations that suffer a data breach that has the potential to pose a risk to individuals must notify the DPA within 72 hours, and notify the affected individuals as soon as possible.
It is important for British businesses and organisations to realise that Brexit has no impact on the implementation of GDPR. If any British organisations collect data between the EU and the UK, the GDPR still applies, and the UK government has confirmed that GDPR will apply. A new Data Protection Bill will bring GDPR into UK law and this will continue post-Brexit.
For more in-depth information about GDPR, look at the GDPR information available from the Information Commissioner’s Office.
How Can Organisations Be Prepared?
Part of what the GDPR requires is that organisations maintain records of their processing activities, which includes keeping accurate records of what personal data they hold. This can mean updating their records when necessary, and informing any other organisations that may have shared the information of any updates so that they also hold correct information.
Documenting changes will help organisations comply with the GDPR and its accountability principle: by keeping accurate records of any changes, they will be able to provide proof of how they are complying with data protection principles.
The BANKERS BOX range of products is the perfect way to archive hard copies of any records, allowing for quick and easy referencing in the case of a data breach, as each box has a clear space to write labels. While many of the updates to GDPR may deal with electronic data, it’s important to consider paper documents as well in your data protection policy.
If you keep paper copies of documents, it is equally important that there is a simple but secure way to dispose of these records. The Rexel 60X Auto+ Confetti Cross Cut Shredder is the perfect way to do this as it has a security level of P3, allowing it to be used to shred most personal and confidential information, though high security documents should be disposed of in a more secure manner.
Here at the Post Office Shop we have a wide range of products to help with GDPR compliance, from shredders to laptop locks that help with physical security.