GDPR Is Coming Soon But Are You Prepared?

Issue 27

May 2018 will see the implementation of the EU General Data Protection Regulation (GDPR). There has been much hype about the new rules, but in our new monthly column Jill Dovey, IT law and data protection specialist at Muckle LLP, the North East's leading independent commercial law firm, will be providing advice and her top tips on how you can start preparing now.

We’ve all seen the news. The numerous cyberattacks and security incidents at organisations around the world have propelled data protection to the top of board agendas everywhere. GDPR is a result of these incidents but also changes in technology, the way we interact and the vast quantities of data created every second of every day. Existing data protection laws predate the internet and just don’t relate to our connected world today. GDPR is focused on data which identifies us as individuals and seeks to protect us.

It won’t stop covert tracking online, profiling and cold calling, but it will make sure they are done transparently, putting us in control of our information. Of course, there’s always going to be an element of human error, so GDPR won’t stop all breaches. It will, however, help you identify where your business might be attacked, highlight improvement opportunities and address vulnerabilities proactively rather than reactively.

The reality is GDPR will impact all businesses. Whether you are a small trader or large global operator, everyone needs to be prepared. And there are some pretty hefty fines for any businesses that don’t comply: up to 20m Euros or 4% of your global annual turnover, whichever is higher. Earlier this year I spoke alongside the Information Commissioner’s Office (ICO) at GDPR Making it real, the BCS Chartered Institute for IT’s national event, and presented on the legal implications for businesses. The ICO website should be the starting point for information for all businesses on GDPR. It has lots of accessible guides and a blog about GDPR. Lots of businesses don’t know where to start with GDPR compliance. My top tip? Data mapping.

The first thing that any business should do in preparation for GDPR is map the flow of personal data through its organisation, from collection to destruction. The data map will need to be constantly updated to reflect changes within organisations and all data processes, procedures and policies will be based on this. While there is much to consider, it is important to remember that GDPR isn’t just about protecting data. It is about protecting your business too.
