The clock is ticking.
In less than a year, D-day (or data day, as we like to call it) becomes a reality.
The question is, are you ready?
In short, we know the very word data might be enough to make you switch off. But in an increasingly digital landscape, the fact is, data is king. Data, in essence, is the oil that drives the engine of any business.
As a result, the new General Data Protection Regulations (GDPR) coming into force in May 2018 are not to be ignored.
Subsequently, the stakes are definitely high. Those who are non-compliant come D-day may face significant financial penalties. Lack of preparation, in short, means GDPR could prove to be a big business headache. But it’s not too late to start your roadmap to GDPR compliance if you act now.
So what is GDPR and what does it mean to you?
GDPR is, in reality, a big deal for businesses, whether large and small. However, 25% of businesses are still unaware of it.
A far stricter, more rigorous version of the data protection act, GDPR is being introduced to ensure best practice when personal information is being used digitally.
Anyone handling or processing personal information such as HR, payroll details, customer marketing, and client contact databases, will fall under the jurisdiction of GDPR. And GDPR’s reach goes much further than electronic databases. For instance, if you use business security cameras or even offer staff mobile phones, GDPR applies to you too.
In a nutshell, the new laws aim to ensure anyone handling personal information does so responsibly to avoid the risk of the data being abused or misused.
Without a doubt, GDPR will change the face of how businesses source, store, move and use the personal data information they hold.
Why should you care?
Surely GDPR is only a concern for the big boys you might say? Well, afraid not. In fact, if you are handling personal data of any kind, GDPR will apply to you. Consequently, that includes whether you are:
- The Head of IT handling big data at an FTSE 100 company mass mailing millions of customers each week;
- A director running payroll for a staff of two, or;
- A PR person collating your own media or blogger contact list.
Those who don’t have their “data ducks” in a row and are non-compliant by the deadline will face financial penalties of up to 4% of their global revenue.
To avoid unnecessary stress and fines now is the time to get to grips with your GDPR responsibilities.
How do I know for sure if GDPR applies to me or my company?
More than half of companies (52%) are unsure what GDPRâ€™s impact will be on their organisations. How do you know for sure if it applies to you?
Simply put, if the answer is yes to any of the below questions, GDPR should be high on your priority list. Itâ€™s also worth noting the new laws will come into force despite the Brexit process.
- Do you store or process information about EU customers, citizens or employees?
- In addition, do you provide a service to the EU or persons based there?
- Moreover, do you have an establishment in the EU regardless of whether you store data in the EU?
Am I too late to start this process?
To ensure compliance by D-day, you will need to take action now.
I think GDPR will apply to me. What do I need to do?
97% of businesses still have no clear plan to ensure compliance by the deadline. This need not apply to you if you take action now.
To comply with GDPR there are a number of steps required. Depending on the size of your organisation and the state and complexity of your data set, this could prove to be a big, multi-faceted task. Particularly if you are pooling large data sets from a vast range of historical sources.
Getting your data ducks in a row
- If you had to, could you demonstrate where any part of your data originated?
- Could you explain the rights your customers have regarding their personal data? The “right to be forgotten” anyone?
- Do you have records of where that customer name was captured?
- Do you have proof of their opt-in to your marketing database?
- Can you explain who handles, processes and effectively touches the data at every stage in your business?
- Can you be safe in the knowledge your data is held securely?
If the answer to any of the above is no, you could have a problem. GDPR demands that businesses establish set policies for processing and controlling data. Establishing a firm overview of the journey data takes throughout your entire business is critical. Should a GDPR auditor come-a-knocking, you will also need an audit trail for proof of evidence.
What are companies expected to do?
Every case is different. But generally speaking, you need to:
Know your data
- GDPR expects that those responsible for handling data be That means the relevant people in the business must understand the regulations, from the MD to the front desk customer services team. We can help you achieve this by unleashing transparency in your data.
In many cases, in-house Data Protection Officers will need to be appointed. This will require specific GDPR training via accredited courses
- We can work collaboratively with you, establishing compliant policies to govern your data handling.
You will need to undertake a data mapping exercise to determine the particulars of your situation
- And carry out a Data Protection Impact Assessment on any data that may fall foul of regulations;
- Then implement the compliance requirements. We can help you achieve this in an agile innovative way.
Secure consent and maintain compliance
- You will need to source consent from customers you aim to market to;
- Moving forward, stay within legal boundaries of how personal data is sourced, used and (securely) stored.
I need help getting my data in order for compliance? Where do I start?
If you feel you’re stood at the foot of an insurmountable hill that is GDPR, help is at hand. Perhaps you have a huge dataset pooled from a multitude of disparate sources. How do you collect, reconcile, and recall data from these sources to really comply with GDPR regulations?
Well, the good news is, we know how to do it. Even better, you don’t need to rip up the road to do it!
With the right data partner like Qbase, you’ll be able to do more than simply identify your gaps and problem areas for GDPR compliance. You’ll also have an effective solution and full support to implement them.
Qbase’s collaborative approach is key to your success. We understand the pressures businesses are facing with GDPR. Our approachable team is on hand to help you all the way.
We can make each different data platform talk to each other in a GDPR compatible way, quickly and cost-effectively.
The result? A GDPR compliant lake of quality data at your fingertips, enabling you to pinpoint data as you need it in real-time. That means you have everything you need to be able to make better-informed decisions driving not only every customer interaction but your overall business efficiency too.
How long will it take to become compliant?
Just as a glove won’t fit every hand, every situation will be different. Timings will be dependent on the individual circumstances of each case.
If you want to get started on your roadmap to GDPR compliance Qbase can help.
What we do:
- Sit with you to understand your bespoke needs;
- Seek to identify your GDPR gaps;
- Solve your GDPR problem areas;
- Stay with you on your GDPR compliance journey and beyond.
Neil Martin | Commercial Director | firstname.lastname@example.org | 01925 875440