The General Data Protection Regulation (GDPR) is an EU regulation due to come into force on 25 May 2018, at which time businesses and organisations’ responsibilities for the handling and processing of personal data will change.
The aim of GDPR is to bring data privacy laws across Europe in step with each other, and failure to comply will result in significant fines.
It’s a big change, and much has been made of the pressures facing businesses to evaluate client data – the way it is stored and processed, who it is shared with and how it is collected.
However, it is worth highlighting that the regulation is aiming to regulate the management of all EU citizens data – so for many organisations, this will include employees as well as clients.
Employee data management
Under GDPR, all business leaders will have to ensure they:
- Request consent for data and clearly detail how the data will be used
- Offer individuals the right to access their data
- Offer individuals the right to be forgotten – to withdraw their consent and prevent further dissemination of their data
- Notify those concerned of any security breaches
For more information on key changes, check here.
A note on Brexit
GDPR is about protecting the data privacy of EU citizens. This is true regardless of where the business or organisation that holds the data is based.
In other words, chances are businesses will need to be GDPR compliant regardless of what happens when the UK withdraws from the EU.
According to EUGDPR.org, the UK government has indicated that equivalent legal mechanisms would be put in place, regardless of whether the UK maintains the GDPR post-Brexit. In all scenarios, the wise thing to do is start preparing now.
This issue will affect businesses and organisations of all sizes. We caught up with Abby Blackmore, head of operations at creative digital and social agency Impero, to find out how she is preparing for the switch.
Why is data protection important for a business’ reputation?
“Data and its protection has changed so much since the old data protection rules were written.
“With the growth of the internet and computers in general, we now have more data than ever at our finger tips. Whilst we can’t fathom doing our jobs without this huge cloud of data, it means we are much more open to data breaches.
“It is important to be on top of your data protection as clients and employees are now much more aware of the importance of their data and its safety and it is a very important responsibility they have trusted us with. I think companies need to show that they have taken that responsibility seriously – fines or no fines.”
How do you keep on top of data protection for employees?
“At Impero we regularly review that our HR software is compliant, and that knowledge of employee data is available only to those who need it.
“Keeping the circle of access tight, and the software top tier, allows us to be sure we are keeping privacy protected.”
How do you ensure that you are compliant with GDPR?
“GDPR feels like a huge beast when you initially look at it, with far reaching consequences.
“The first step, as with any big looming project, is to break it down into more manageable buckets of work, prioritising them, and just working slowly but surely to a good place.
“Once your initial audit is done, you inevitably find that you are actually already compliant in a lot of areas, and others just need tweaks rather than massive overhauls. Breaking through the stigma and fear of how big this change feels is the first step.”