What is GDPR?
The European General Data Protection Regulation (EU GDPR) comes into force on May 25th 2018. What many people in the UK don’t realise is that the updated Data Protection Act (DPA; currently the Data Protection Bill) is also planned to be passed in time to take effect on May 25th, so that it runs alongside the GDPR until the United Kingdom leaves the EU.
Whilst much of the updated DPA overlaps with the GDPR, there are some differences. The important point is that when WE talk about GDPR, WE are really talking about the new DPA.
Who does it affect?
In short, every organisation in Europe, and any organisation outside of Europe that does business with any person or organisation within the European Union, will need to comply with the new GDPR.
But I don’t have any personal data (PII)
Payroll data, contact lists, emails, filing cabinets, CCTV data, business cards, mobile phone contacts, paper address books, wage slips, HR forms, medical forms… the list goes on and on. It is extremely unlikely that you don’t process any PII. Processing really just means using the data in any form that is searchable. There are also plenty of sites claiming that things like business cards do not constitute PII, but beware of such claims. Our information is derived purely from the official guidance of the European Parliament, the Information Commissioner’s Office and UK Government sources.
We already comply with the Data Protection Act
That’s great, you are halfway there, but the GDPR is much more about demonstrating compliance. It is no good saying you comply; you have to prove it, and along the way you will discover that you were not anywhere near as compliant as you thought.
SO WHAT DO I DO?
It’s easy, you essentially have four options:
- Try to do it all yourself; research everything, learn the intricacies of the GDPR, Data Protection Act, Electronic Communications Act, Data Protection Bill, Guidance on DPOs, what constitutes personal data, consent… etc. Put it all together, design all of your own procedures and policies, do your own testing and judge for yourself whether you meet the regulatory requirements. [Hard work, a severe drain on man-hours, no comparisons with other businesses]
- Attend training sessions in order to fast-track your knowledge and gain a significant advantage over those trying to do it themselves. [The fastest and cheapest way to manage your own compliance]
- Employ consultants to completely manage your road to compliance. [If you can afford it, this is the best option: you know that you’ll have the right expertise on hand. Bear in mind you will need to be 100% on-board with them and willing to instil the required ethos and enforce the appropriate measures throughout the company]
- Enlist consultants on an advisory basis to help you become compliant, whilst you do the bulk of the hard work. [A good compromise; the consultants give you direction. You follow through with actions and they verify results. It is nice to have somebody to ask the right questions and give the right answers without it costing a fortune]
GDPR Wizard is the compliance arm of Unity Metrix Ltd. We are ready and waiting to help you in whichever capacity most suits your needs. A good place to start in any circumstance is our GDPR Crash Course, where you will learn everything about the process in the space of a single day in order to help you decide in which way you would like to move forward. During this course you will learn exactly what needs to be done and even start doing it for your own business right there and then.