How to Prepare and Protect Your Business with the Changing GDPR Laws


The 25th May 2018 sees the introduction of the EU's new data protection reform, the EU General Data Protection Regulation (GDPR). The new rules will update and replace previous data protection acts, and will enable the general public to better control their personal data, regardless of where it is sent, stored and processed.

These new rules are being introduced to provide a uniform set of guidelines and standards that all businesses must comply with to protect their customer data when trading in the EU. If a business fails to comply with the new regulations, it will be subject to a fine of up to €20 million, or 4% of its global annual turnover, whichever is larger.


The GDPR has four key provisions:

• Individuals will have more information on how their data is processed.

• It will be easier for individuals to transmit their data between service providers.

• Individuals will have the right for their data to be erased if there is no legitimate reason for it to be stored.

• Individuals will have the right to know if their data has been hacked.


Impact on businesses

The GDPR means that businesses can streamline their data protection and capitalise on simple, clear, unified standards from having one central body for data protection and standardisation, rather than the current 28 national laws. The new rules also mean that all businesses trading in the EU will operate on a level playing field, as they are all bound by the same guidelines regardless of where they are established.

Businesses should also consider appointing a data protection officer (DPO) to implement safeguards from the early stages, who will be responsible for overall data protection compliance. Organisations must appoint a DPO if they are a public authority, carry out large-scale systematic monitoring of individuals, or carry out large-scale processing of special categories of data such as criminal convictions and offences.


Preparing for the GDPR

Although the GDPR doesn't come into effect until 25th May 2018, businesses are advised to prepare now and ensure compliance by following the checklist prepared by the Information Commissioner's Office (ICO):

1. Ensure all decision makers in your organisation are aware of the GDPR.

2. Audit the personal data you hold, where it came from and whom you share it with.

3. Review your current privacy notices and plan for making any necessary GDPR changes.

4. Check your procedures to ensure they cover all the rights individuals have, including how you would delete personal data.

5. Update your procedures and plan how you will handle requests to provide extra information.

6. Look at the data processing you carry out, identify your legal basis for doing so and document it.

7. Review how you are seeking, obtaining and recording consent.

8. Think about putting systems in place to verify individuals’ ages and to gather parental or guardian consent for data processing.

9. Ensure you have the right procedures in place to detect, report and investigate data breaches.

10. Familiarise yourself with the guidance the ICO has produced on Privacy Impact Assessments, and work out how and when to implement them.

11. Designate a Data Protection Officer, if required, or someone to be responsible for data protection compliance.

12. Determine which data protection supervisory authority you fall under if your organisation operates internationally.


If you want more information on how you can prepare your business for the upcoming data protection changes, call the cyber experts at Cyberguru for a free cyber insurance quote.


9 Albany Park, Cabot Lane, Poole, Dorset, BH17 7BX
t. +44 (0)330 1240730

© Insync Insurance Solutions Ltd 2016 All rights reserved. Cyberguru is a trading style of Insync Insurance Solutions Ltd which is authorised & regulated by the Financial Conduct Authority where our reference number is 766691. Our registered office is Midland House, 2 Poole Road, Bournemouth, Dorset BH2 5QY and we are registered in England under company number 08810662. Should you have cause to complain, and you are not satisfied with our response to your complaint, you may be able to refer it to the Financial Ombudsman Service, which can be contacted as follows: The Financial Ombudsman Service, Exchange Tower, London, E14 9SR | Tel: 0800 023 4567 or 0300 123 9 123