One of the biggest shake-ups of European privacy legislation, which is expected to have a significant impact on the way business is done, comes into force in 12 months’ time.
It’s going to have a huge impact on how businesses store and process data and carries tough penalties and hefty fines for breaches.
The Government will implement the General Data Protection Regulation and it is expected that the UK will continue to comply with GDPR after Brexit – so all businesses should be assessing how they use personal data and how this legislation will affect the sector in which they operate.
Advance planning is key to ensuring compliance with the new legislation, which comes into force from 25 May 2018, according to Austen Clark, managing director of Clark Integrated Technologies.
“The changes that will come with the 2018 deadline will have implications for businesses of all sizes that handle the personal data of EU residents, regardless of location,” Mr Clark states.
“The GDPR is going to have a huge impact on how businesses store and process data and they need to act now to make sure they are properly prepared for this major overhaul of data protection legislation which will impact on us all. Dedicating time to this now will ensure businesses have procedures in place to be able to comply with the new regulation.
“This isn’t just for big businesses – a gym that offers a members’ loyalty scheme or a one-person chiropractor that asks patients to complete a wellbeing form will have to ensure that personal data is stored in line with the new regulations and not breach them.”
GDPR will directly apply in EU countries and replaces ageing European and national data protection legislation, with companies given until May next year to adopt the measures and become compliant.
Influenced by technological advances, it introduces new accountability obligations, stronger rights and ongoing restrictions on international data flows. GDPR seeks to protect individuals whose personal data is handled by companies. Data processing refers to the handling, storage, evaluation, reference or general use of information relating to individuals. To protect data subject rights, businesses should collect only necessary data and discard it when it is no longer required.
So an online retailer running a small e-commerce site that holds customers’ personal details is subject to GDPR regulations. And any company or individual providing marketing, IT, accountancy or business support that may have access to a wealth of client and customer data needs to ensure this is collected, stored and protected in specific ways.
One of the biggest considerations of the new regulations is ensuring sensitive data is handled correctly.
Government help to prepare for the regulation is available, with webinars, training courses and data flow audits, and Mr Clark suggests a good starting point is to carry out a gap analysis of current processing in line with GDPR.
“Understand what data you hold, how you are using it, and make sure that you are practising good data hygiene by limiting access to data to only those who need it, and ensuring that authentication protocols are up to scratch for those users,” Mr Clark advises.
“Businesses should also consider deleting data that is no longer required so that it does not become an unnecessary risk.”
Clark IT is already working with clients to assess how GDPR will impact on them and the sector in which they operate, to guide them through the complexities of the legislation and to ensure they become fully compliant. The IT specialists can take clients through the process from start to finish using its unique portal and working with partners to cover legal, datacentre, insurance and finance matters.
While it may seem like a daunting process, GDPR should not be viewed as unnecessary red tape, says Mr Clark, who predicts that the legislation has the ability to bring benefits to both businesses and individuals.
Mr Clark states: “This creates a new single data protection act, and has scope to bring increased consistency to data protection practices, eliminating problems arising from the existence of different national variations.
“There are enhanced powers given to data protection authorities in tackling non-compliance and it will also be easier for individuals to claim against data controllers where their data privacy has been infringed.
“GDPR will also give individuals greater control and rights over their personal data. As a result, individuals will be able to request that businesses delete their no longer necessary or accurate personal data.
“The regulation could also prove to be an advance in the war against cybercrime, given mandatory breach notifications. Taking GDPR seriously will see businesses invest in, and demonstrate, high levels of security which could in turn raise customer trust.”
Clark IT, based near Turriff in Aberdeenshire, is one of Scotland’s leading independent providers of managed ICT solutions, with a broad range of corporate and commercial clients not only in the North-east but across Scotland and beyond.
Its clients benefit from the specialist knowledge of its 26-strong workforce to support their systems and through managed IT services. Clients also benefit from proactive IT support, 24/7 monitoring, a virtual IT manager, predictive IT costs and a strategic IT plan tailor-made for their business.