Current data protection guidelines are based on a Data Protection Directive introduced in 1995. More than 20 years on, there have been significant advances in technology resulting in changes to the way individuals and organisations communicate and share information.
The new GDPR, which comes into force on 25th May 2018, addresses these areas, giving a more relevant and consistent legal framework as well as a more unified approach for EU member states. We have put together a useful document showing 12 steps your organisation can take now to prepare.
What will the impact be?
Some concepts under the existing Data Protection Directive will remain unchanged; however, many of the new approaches will have a significant impact.
The new regulations could also have implications following Brexit, although it has been agreed that consistency should be maintained for data sharing across national borders, in line with guidelines from the Information Commissioner’s Office (ICO). The recommendation for organisations is to continue putting in place procedures that will ensure compliance with the new GDPR.
New guidance was recently issued for the use of encryption software, and whilst it doesn’t state an organisation must encrypt data, there is a responsibility to protect and ensure any personal details you hold or gather are secure. Loss or theft of sensitive information is much more likely to occur if no encryption procedure is in place.
How should you prepare?
We have put together the 12 most important steps you should take now to prepare your business and ensure compliance when the new regulation is introduced.
Some of the key areas to consider are:
- Review any existing data you hold and how this is used and stored
- Do you have adequate systems in place to manage a data breach?
- Make sure all key people in your business are aware of the changes