22 Feb General Data Protection Regulation: What You Need To Know & Do
We’re getting closer and closer to the GDPR deadline on 25th May 2018. This new regulation was brought in by the European Union to bring data protection legislation into line with new, previously unforeseen ways that data is now used.
We’ve highlighted some of the key facts you need to know before the law takes effect.
After three years of debate and discussion, the new General Data Protection Regulation was agreed on and came into force on 24th May 2016. However, the law doesn’t actually apply to businesses and organisations until 25th May 2018.
Surprisingly, not all organisations are preparing for the law just yet, which could cause some serious problems for them once the law is applied in May. It’s crucial to be prepared so that nothing catches you out once the law is in place.
We currently rely on the 1998 Data Protection Act, which was also brought in by the EU. However, the government is looking for better protection and control over people’s own data. The new GDPR allows people to have more say over what companies do with their data.
It also introduces tougher fines for non-compliance breaches. It’s much more advanced than the 1998 Data Protection Act.
The EU wanted people to have more control over how their personal data is used, bearing in mind that search engines and social media platforms such as Facebook and Google are swapping access to people’s data for use of their services.
Since the current legislation was created before the internet and cloud technology, GDPR is here to cover all of the new ways these companies exploit people’s data.
The EU also wants to give businesses a clearer legal environment in which to operate, making the data protection law identical throughout the single market. This is estimated to save businesses a collective €2.3 billion a year.
This new law applies to ‘controllers’ and ‘processors’ of data. The controller is the one who states how and why the personal data is processed. The processor takes care of the actual processing of the data.
Controller = organisation, charity, government or profit-seeking company.
Processor = IT firm, who takes care of data processing.
If controllers and processors outside of the EU are using data from EU residents, then the GDPR still applies to them.
It’s the controller’s job to ensure that they are abiding by the protection law. Processors must abide by rules to maintain records of their processing activities.
The way you store your data needs to change. Whether you’re working in the office or on the move, an organisation can protect its data the right way using these four essential steps:
Shred: Once a private and sensitive paper document becomes useless to you, shred it. You must keep a shredder in the office and at the side of your desk so that you do not forget to destroy the paper once you’re finished with it.
Lock Your Laptop: When not in use, keep laptops and other devices locked to keep anyone from trying to access your files.
Hide Your Screen: When on the move, you may take care of some work on your travels, such as on a train or an aeroplane. If you’re using your laptop, a passenger behind you or next to you might try to have a look at what you’re working on. Prevent this by using a privacy filter, which makes the screen visible only to you and no one else around you.
Why Not Go Paperless? For Document Management solutions perfectly suited to smaller businesses and individual departments try watermarktech.co.uk. You can organise your business with ease and retain the look and flexibility of working with paper – whatever type of business you run. With costs from just £25 the cloud-based version is ideal for companies with up to 15 employees.
Banner, part of the EVO Group, specialise in office furniture and technologies. They are able to supply your organisation with all products mentioned in this blog to help you prepare for the new GDPR law.