Wednesday 14th February 2018 is Valentine's Day, but more significantly it is 100 days until G-day: May 25th, 2018, the day on which the General Data Protection Regulation will come into full effect across Europe, following a two-year transition period set by the European Council. The regulation will be the largest shake-up of data protection law across Europe in 20 years.
With just 100 days to go, organisations across Europe should be well versed in the regulation, and their preparations to ensure compliance should be nearing completion. However, surveys over the past 18 months paint a different picture, so it seems likely that the Information Commissioner's Office will have a busy period after May dealing with breaches.
Almost a quarter of London firms still unaware of the GDPR
A recent survey commissioned by the London Chamber of Commerce and Industry (LCCI) has found that a startling number of London businesses, approximately a quarter, are still unaware of the legislation.
The LCCI commissioned and conducted the survey of 500 companies, discovering that 24% of the companies surveyed knew nothing about the GDPR and its impending implementation as British law. Furthermore, only 16% of the companies interviewed considered themselves to be prepared for the legislation.
The lack of information seems prevalent throughout businesses, with 21% stating that they would require more information to be able to prepare. The most striking statistic, however, was that 34% felt that the GDPR was not relevant to them as an organisation.
Don’t know what GDPR is yet? Time to be worried.
One aspect of the regulation which has regularly made headlines is the new penalties that can be enforced. These are much larger than the current maximum fine of £500,000 that the ICO can impose: firms are now in danger of receiving fines of up to £17,000,000 for the most serious breaches (or 4% of global turnover, whichever is higher). Other key points of the GDPR include:
- Updated definitions for personal data and for consent. All definitions can be found in Article 4 of the regulation.
- Increased responsibilities for data processors to reduce the risks of a data breach.
- The right for data subjects (individuals) to have all data held on them deleted.
- A requirement to be able to demonstrate compliance.
How to start preparing your organisation for GDPR in 100 days
Businesses of all sizes will need to prepare for the GDPR and implement processes that help them demonstrate compliance. One of the main differences between the GDPR and the Data Protection Act (DPA) is the transparency that businesses will need to provide to the Information Commissioner's Office (ICO). If a breach occurs, organisations have a responsibility under the GDPR to report it to the ICO within 72 hours; failure to do so is itself considered a breach of the regulation and can be penalised with a fine.
The ICO has published basic guidance for organisations outlining 12 steps that they should take now.
Mapping and reviewing data is an important step towards compliance with a regulation whose purpose is to ensure that data is protected securely. By mapping what data is held and who has access to it, organisations can begin to mitigate risk and prevent breaches from occurring.
Redstor, helping you comply with the GDPR
Redstor has partnered with compliance management experts GDPR365 to help ensure that all organisations are prepared for the new Data Protection Bill and the GDPR. GDPR365 gives organisations a platform to review and organise their processes so that they are GDPR compliant, and provides a framework for the new documentation required under the regulation. To learn more about the GDPR, GDPR365 and how Redstor can help, get in touch now.