GDPR explained

The clock is ticking.

In less than a year, ‘D-day’, or ‘data day’ as we like to call it, becomes a reality.

The question is… are you ready?

We know… the very word ‘data’ might be enough to make you switch off. But in an increasingly digital landscape the fact is, data is king. Data is the oil that drives the engine of any business.

And the new General Data Protection Regulation (GDPR), coming into force in May 2018, is not to be ignored.

The stakes are high. Those found to be non-compliant come ‘D-day’ may face significant financial penalties. For anyone not prepared, GDPR could prove to be a big business headache. But it’s not too late to start your roadmap to GDPR compliance if you act now.

So what is GDPR and what does it mean to you?

GDPR is a big deal for businesses, whether large or small, yet 25% of businesses are unaware of it.

A far stricter, more rigorous version of the Data Protection Act, GDPR is being introduced to ensure best practice when personal information is being used digitally.

Anyone handling or processing personal information such as HR, payroll details, customer marketing and client contact databases, will fall under the jurisdiction of GDPR. And GDPR’s reach goes much further than electronic databases. If you use business security cameras or even offer staff mobile phones, GDPR applies to you too.

In a nutshell, the new laws aim to ensure anyone handling personal information does so responsibly to avoid the risk of the data being abused or misused.

Without a doubt GDPR will change the face of how businesses source, store, move and use the personal data information they hold.

Why should you care?

Surely GDPR is only a concern for the big boys you might say? Well, afraid not…

Whether you’re the Head of IT handling ‘big data’ at a FTSE 100 company mass mailing millions of customers each week, a director running a payroll for a staff of two, or a PR collating your own media or blogger contact list, if you are handling personal data of any kind GDPR will apply to you.

Those who don’t have their ‘data ducks’ in a row and are non-compliant come the deadline will face financial penalties of up to 4% of their global revenue.

To avoid unnecessary stress and fines, now is the time to get to grips with your GDPR responsibilities.

How do I know for sure if GDPR applies to me or my company?

More than half of companies (52%) are unsure what GDPR’s impact will be on their organisations. How do you know for sure if it applies to you?

Simply put, if the answer is yes to any of the questions below, GDPR should be high on your priority list. It’s also worth noting the new laws will come into force despite the Brexit process.

  • Do you store or process information about EU customers, citizens or employees?
  • Do you provide a service to the EU or persons based there?
  • Do you have an establishment in the EU regardless of whether you store data in the EU?

Am I too late to get started?

To ensure compliance by D-day, you will need to take action now.

I think GDPR will apply to me. What do I need to do?

97% of businesses still have no clear plan to ensure compliance by the deadline. This need not apply to you if you take action now.

To comply with GDPR there are a number of steps required. Depending on the size of your organisation and the state and complexity of your data set, this could prove to be a big, multi-faceted task, particularly if you are pooling large data sets from a vast range of historical sources.

Getting your data ducks in a row

  • If you had to, could you demonstrate where any part of your data originated?
  • Could you explain the rights your customers have regarding their personal data? The ‘right to be forgotten’ anyone?
  • Do you have records of where that customer name was captured?
  • Do you have proof of their ‘opt-in’ to your marketing database?
  • Can you explain who handles, processes and effectively ‘touches’ the data at every stage in your business?
  • Can you be safe in the knowledge your data is held securely?

If the answer to any of the above is no, you could have a problem. GDPR demands that businesses establish set policies for processing and controlling data. Establishing a firm overview of the journey data takes throughout your entire business is critical. Should a GDPR auditor come a-knocking, you will also need an audit trail for proof of evidence.

What are companies expected to do?

Every case is different. But generally speaking you need to…

Know your data.

  •  GDPR expects that those responsible for handling data be That means the relevant people in the business must understand the regulations, from the MD to the front desk customer services team. We can help you achieve this by unleashing transparency in your data

Be accountable

  • In many cases, in-house Data Protection Officers will need to be appointed. This will require specific GDPR training via accredited courses

  • We can work collaboratively with you, establishing compliant policies to govern your data handling

Be compliant.

  • You will need to undertake a data mapping exercise to determine the particulars of your situation

  • And carry out a Data Protection Impact Assessment on any data that may fall foul of regulations
  • Then implement the compliance requirements. We can help you achieve this in an agile innovative way

Secure consent and maintain compliance

  • You will need to source consent from customers you aim to ‘market’ to
  • Moving forward, stay within legal boundaries of how personal data is sourced, used and (securely) stored

I need help getting my data in order for compliance. Where do I start?

If you feel you’re stood at the foot of an insurmountable hill that is GDPR, help is at hand. Perhaps you have a huge data set pooled from a multitude of disparate sources. How do you collect, reconcile, and recall data from these sources to really comply with GDPR regulations?

Well, the good news is, we know how. Even better, you don’t need to rip up the road to do it!

With the right data partner like Qbase, you’ll be able to do more than simply identify your gaps and problem areas for GDPR compliance. You’ll also have an effective solution and full support to implement it.

Qbase’s collaborative approach is key to your success. We understand the pressures businesses are facing with GDPR. Our approachable team is on hand to help you all the way.

We can make each different data platform talk to each other in a GDPR compatible way, quickly and cost effectively.

The result? A GDPR compliant ‘lake’ of quality data at your fingertips, enabling you to pinpoint data as you need it in real-time. That means you have everything you need to be able to make better-informed decisions driving not only every customer interaction, but your overall business efficiency too.

How long will it take to become compliant?

Just as a glove won’t fit every hand, every situation will be different. Timings will be dependent on the individual circumstances of each case.

If you want to get started on your roadmap to GDPR compliance, Qbase can help.

What we do:

Sit…with you to understand your bespoke needs

Seek…to identify your GDPR gaps

Solve…your GDPR problem areas

Stay…with you on your GDPR compliance journey and beyond

 

More Information

Neil Martin – Commercial Director, Qbase, neil.martin@qbase.net, 01925 875440
