5 steps to prepare your business for GDPR

Knowledge is power. That’s what they say, at least. And nowadays all this knowledge is stored in one place, the ether, and has been renamed ‘data’.

Come May 2018, a new EU regulation that aims to protect and unify personal data, the General Data Protection Regulation (GDPR), will be in full effect. And though it may still be a year off, there are steps you should be taking now to ensure your business is ready.

Voted by the European Council, these consumer privacy regulations are set to provide added security and protection across the EU, but businesses could face some hefty fines should they be found not to comply with the new legislation.

While consumers will be granted greater control over how their personal data is used, businesses handling data of EU citizens will bear the responsibility of making sure their handling of the data is up to code. That includes businesses located outside the EU that handle data of EU citizens.

As cyber security firm Imperva outlines in its GDPR breakdown, fines are determined by the nature and severity of the infringement, with two categories of fines in place: one for failing to comply with the technical requirements, and the other, whose maximum can reach €20m or 4% of global annual turnover, for failing to adhere to the core principles of data processing and/or infringing personal rights.

Here are five basic steps that businesses need to take to make sure they comply with the GDPR:

5. Develop a Clear Policy

By developing a clear policy and understanding the fundamentals of what GDPR is and what it will do, your business will be better placed to avoid setbacks. Businesses need to study the requirements of the GDPR closely, mapping out a plan that not only satisfies the new regulations but is also adaptable to new conditions, by including breach discovery and notification procedures and security failsafes.

4. Prepare for Breaches of Data Protection

Data breaches are not uncommon, with Yahoo, Tweetdeck, and AdultFriendFinder being recent victims of breaches of private information. But the new GDPR requirements mean that the reporting of data breaches will fall under stricter guidelines. From May 2018, 72 hours will become the maximum legal time in which to report a data breach. This will force companies to become more transparent in their usage of the public’s data. Those affected will thus be able to take the necessary steps to minimise any problems caused by these breaches, including changing passwords. Companies will no longer be able to withhold information about the extent to which data has been breached. The ruling will offer an altogether clearer method for dealing with the aftermath of data breaches.

3. Give Customers More Control

GDPR will require customers to opt in to data collection rather than having to opt out. Therefore, the legislation will require businesses to change their privacy policies, ensuring both parties understand exactly how personal data is handled. Children especially will be subject to stricter checks for proof of age. Through data anonymisation, customer consent and the right to be forgotten, customers will have more control over the use of their data. Replacing the current system of opting out with opting in is intended to make consent to the storing and sharing of personal data more transparent.

2. Be Ready for Assessments

The GDPR requires frequent checks in order to test the integrity of companies’ data collection and privacy policies. Stay on top of these checks and balances and you’ll find that the system works better for you. Appointing a data protection officer in your company will help you avoid fixed penalties and PR nightmares, and will ease the transition into this new system. They will assume responsibility for ensuring everything runs smoothly and that external assessment of your company’s GDPR compliance is positive.

1. Increase Awareness

The most important step in preparing for GDPR is to make sure that everyone in the company knows that it is happening and what the new policy is. By informing all employees about the rules regarding data collection, you will be able to ensure that proper procedure is followed at each stage of the workflow and by every department in the company.

The move to GDPR in May 2018 doesn’t have to be a difficult one. By learning what’s in store for the future of data and its collection, companies will be able to prepare on time and follow the instructions outlined in the new policy.