You could say that when the General Data Protection Regulation (GDPR) came into effect on 25th May 2018, everything changed. Businesses especially saw a noticeable difference, as the rules regarding how they accessed, stored, used and protected data went through a major upheaval.
What is GDPR?
The main purpose behind the implementation of this EU directive was to place stricter rules on data protection. Under this directive, European citizens now have greater control and rights over how their personal data is used by businesses.
In addition, there is stricter monitoring of how businesses acquire, store and use data. For instance, businesses are only allowed to collect data if they have appropriate legal grounds to process it, i.e. they can only collect personal information for a specific purpose, and can only use it for that purpose, nothing else. At all times this must be done transparently and with full permission from the customer, employee, supplier, etc.
And this applies to any business in the EU, as well as to companies that process the data of EU citizens. Should they fail to adhere to it, they could face fines of up to €20 million or 4% of their annual turnover (whichever is higher).
As you can imagine, now more than ever it is important for businesses who acquire, store or use any form of personal information – yes, even names, email addresses, IP addresses, phone numbers and postal addresses – to be compliant.
In other words, if you’ve ever had or will have access to the personal data of employees, suppliers and customers, you’ve got to be GDPR compliant AND must register with the ICO.
True, there are some exceptions for businesses with fewer than 250 employees: they don’t have to keep records of their processing activities unless the processing is regular or concerns sensitive information. However, having the proper procedure in place from the beginning could prove beneficial to your business, especially as you grow or when you work with larger businesses.
Still not sure how to handle GDPR? Contact our team at Economit. We can perform an audit of your processes and help you to determine the best course of action for maximising data protection and making your business compliant.