By now most business owners worth their salt have heard about the new GDPR. The really savvy ones might have even started putting measures in place to get ready for it. Sadly, most of the businesses who fell into that last category are the ‘big businesses’. You know, the ones who have infinite resources and entire departments dedicated to compliance and regulation. But that leaves the smaller businesses somewhat flustered and unsure of what to do. So today, I’m here to answer some basic GDPR questions and give you a few tips for getting your IT systems ready for the big switch.
But first, what is this big bad acronym that has business owners rushing around like ants? GDPR stands for General Data Protection Regulation, and it’s essentially the EU’s answer to the Data Protection Act. However, unlike previous EU directives (which countries can choose whether and how to implement), this is a regulation. This means it will apply to all EU countries in exactly the same way. It also reaches outside of the EU to any organisation that handles EU citizen data, regardless of their location in the world. The regulation is actually already in place – we are partway through a transition period that allows businesses to get their house in order before the regulation comes into effect on the 25th of May 2018.
The aim of the regulation is to unify and standardise data protection policies, shoring up weak spots and creating a strong base for personal data protection. The regulation provides a single set of rules for all member states to follow (including mandatory security notifications, new rules around user consent, a clearer definition of what could be personal data and greater rights for people to access and request deletion of the information companies hold on them). A special council will be created to oversee sanctions and provide guidance. And before you ask, yes, UK businesses will still have to comply even if Brexit goes ahead. Not only will we still be handling EU citizen data (and therefore be subject to GDPR), but the government have also confirmed that they will be passing GDPR into UK law if we do leave.
Now the good news is that most SMEs in the UK aren’t going to be at too much risk unless they deal with lots of financial data. However, that doesn’t mean you should ignore it completely – you still have to be compliant. To help you along, we’ve put together a few tips that will help you get your IT systems GDPR ready.
At All Your Computers, we’re already in full swing helping clients get their business ready for GDPR. While we might not be able to do swish pen testing for you, we can provide expert advice on backups, security and hosting, as well as providing an outsourced service that will keep you safe and compliant with GDPR (for those bits anyway). For more information, get in touch with us today.