GDPR deadline brought forward to 1st April 2018
Did you know that the deadline for the new General Data Protection Regulation (GDPR) has been brought forward by a month to the 1st of April 2018? This recent news has been confirmed… as an April Fools joke!
Don’t fret, it’s only a bit of harmless fun: the 25th of May 2018 is still the date by which you need to make sure that your business is GDPR compliant.
If you felt a lump in your stomach reading the headline to this post, it may have been the realisation that the deadline for the GDPR is actually a lot closer than you originally thought.
Are you prepared for when the 25th of May comes around?
What is the GDPR and why should I care?
Any business or organisation that holds personal information must obtain full and intentional consent from the owner of that information, covering what information the organisation may use and how it may use it.
To brush over its brief history, the General Data Protection Regulation (GDPR) is EU legislation that comes into effect on the 25th May 2018 after four full years of deliberation. Its main aim is to make it easier for consumers to control how their data is used by companies and organisations.
Any organisation that handles data, regardless of its size, will have to comply with these new rules, no ifs and no buts.
Full consideration should be given to complying with the new GDPR rules, and every member of staff should be made aware of the responsibility they hold to protect the personal information of users and fellow employees.
Everyone from the cleaner to the CEO should understand how they have a duty to protect against data breaches, either physically or virtually.
Essential questions you need to ask yourself about becoming GDPR ready
- What type of consent do we already have from customers to use their data? Do we have their consent to send them marketing and sales emails?
- What counts as personally identifiable information? Do we store this information unnecessarily?
- Does our company need a Data Protection Officer?
- Should our company have its own Data Protection Officer or should we hire one externally?
- Are my staff properly trained to handle personally identifiable information?
- Do we have the appropriate procedures in place to meet the GDPR deadline?
- Is there clear information about how our company will handle a data breach?
What will happen if I’m not ready before the GDPR deadline?
If your business or organisation is not ready before the GDPR deadline you could leave your business vulnerable to potential data breaches. The business could also receive a fine for not meeting the necessary requirements for being GDPR compliant.
What are the fines for not being GDPR compliant?
The fines for breaching the GDPR are sorted into two tiers.
The first tier carries a maximum fine of €10,000,000 or up to 2% of total annual global turnover (not profit) for the preceding financial year, whichever is higher.
The second tier carries a maximum fine of €20,000,000 or up to 4% of total annual global turnover (not profit) for the preceding financial year, whichever is greater.
The fines within each tier relate to specific articles within the Regulation that the controller or processor has breached.
As a general rule of thumb, breaches of data controller obligations will land you a tier one fine, whereas breaches of a data subject’s rights and freedoms will result in a tier two fine.
How can I make my business GDPR compliant?
If you’ve not done much to adhere to the GDPR, don’t worry, there’s still time to make sure you’re ready for 25th May.
Your basic GDPR checklist should at least include the following:
- Providing training for all your staff on why GDPR is important, how it will affect your business and how to properly handle personal data from 25th May 2018
- Appointing a Data Protection Officer (DPO)
- Conducting an information audit to find out what personal data you hold, who you share it with and what you do with it
- Making sure any data you collected was done so with active consent rather than passive consent
- Providing the opportunity for people currently on your mailing lists to actively opt into future sales and marketing emails
Click here for more information on our GDPR course that explains how to ensure your organisation is prepared before the deadline.
We may have caused a bit of mischief by saying that the GDPR deadline had been brought forward, but the regulations and the consequences for not adhering to them are far from a joke. Don’t be one of the foolish businesses that isn’t ready for 25th May 2018.
Happy April Fools’ Day!