The new General Data Protection Regulation (GDPR) is to be enforced throughout the EU on May 25th 2018. If you are a business that holds data on individuals, now is the time to act and ring-fence your business from potential litigation and fines in the future.
The first step is to understand the risks in your business. List all the risks to personal data in your organisation and how you propose to mitigate each one. Risks to personal data are not limited to your own organisation; your list should also cover third parties who handle, process or dispose of personal data on your behalf.
For example, if you are mass mailing a database, you must first ensure that individuals have explicitly opted in to receive such mails. If you hold Excel databases containing personal information, you should ensure that these databases are encrypted and, if they are stored in the cloud, that they have a high level of security.
Another good tip is to conduct an audit of all the personal data on individuals that you have on file within your organisation. If data is sensitive (age, sexual orientation, religion, etc.), you should assess whether holding it is a necessity and whether or not you actually require it.
Do you have a data privacy policy? Have you appointed a GDPR champion? Do you have a policy on holding personal data on personal devices? The list goes on and on.
With fines of up to €20,000,000 and less than 10 months to enactment and enforcement, businesses in the Southeast should consult with their local solicitor to help ensure GDPR compliance in an effort to avoid hefty fines in the future. Please contact HD Keane Solicitors for further advice.