Businesses it is time to start preparing for the upcoming GDPR

GDPR ( General Data Protection Regulation) is approaching fast and it is time to get your compliance sorted. The regulation is coming into effect on 25 May 2018 and is applicable to all European businesses, including SME’s. 

What is GDPR?
The General Data Protection Regulation is a comprehensive upgrade of data protection laws across the EU. It applies to the handling of personal data.

What is personal data ? 
Personal data is data relating  to a living individual who can be identified from that data. Personal data can include names, addresses, National Insurance ( social security) number of individuals. It is anything which could identify a living individual. Personal data can be in electronic or hard copy form.

What does GDPR say? 
Personal data must be processed in a manner that ensures appropriate security of the data, including protection against unauthorized or unlawful processing ad against accidental loss, destruction or damage, using appropriate technical or organisational measures.

6 principles of Data Protection
These six principles should be the core  of any data protection strategy. Data shall be:

1. Processed lawfully, fairly and in a transparent way
2. Collected for specified, explicit and legitimate purposes and not be subsequently processed in a way that goes against those initial purposes. 
3. Adequate, relevant and limited to what is necessary. 
4. Accurate and up to date; inaccuracies should be processed, erased or rectified without delay. 
5. Kept for no longer than is necessary 
6. Processed securely

Where should you start to get compliant? 
Make an audit of the personal data you hold as a company.

1. What personal data do you hold? 
These are things like customer and client data lists, marketing and sales databases. Important is to know what type or kind of data this is. Check all data and check if it needs to be deleted by the compliance date.

2. What is the origin of this personal data? 
How did you obtain this data? Did you get it from the individual directly, via customers, a third-part bought database, cookies etc.

3. How do you use this data? 
Does only your company use this data or are you in the business of selling data on to third parties? Is the personal data stored outside the EU? Do you share the data with data processors?

4. Where is this personal data? 
Have you stored it all in a digital form on your server? Do you have paper documents in the office containing personal data? Do you have a access policy for personal data?

Tracking down all personal data you have is the first step in getting compliant.

Then organisations can start implementing technical and organisational measures to make sure they are  processing all paper and electronic data properly. To assess the right security levels , consider the potential risks that are presented by processing.

Wrapping up GDPR compliance for your paper documents
Data protection principles GDPR article 5(1)

Storage limitation of documents : Personal data can be kept in a form which enables individuals to be identified for no longer than is necessary for the purposes for which you are using it- in other words, if you no longer need it, securely destroy it (or remove the personal data)

Find your perfect Fellowes shredder here to securely destroy your documents.