Precision in data processing will become even more important following the implementation of the General Data Protection Regulation (GDPR) on May 25th, 2018. With potential fines of up to 4% of global revenue or €20 million, compliance with GDPR should be at the forefront of every business strategy. GDPR is a sizable advancement on previous data regulation; it has three times as many articles and five times as much information. This amount of information can be difficult to sift through for companies attempting to restructure their data processing for the first time.
The first step for any company beginning the journey towards GDPR compliance is a thorough audit of existing business data. Data audits, data management reviews and data processing checks will have to happen regularly for a company to avoid fines and maintain a good relationship with the data commission. The main changes to the data processing regulations for organisations under the new GDPR are:
- Consent from consumers must be clear and concise: it must be “freely given, specific, informed and unambiguous”.
- Privacy by design must be standard in customer communication. The consumer must actively opt into offers.
- Maintaining and enforcing an organisation’s own protocols is now legally required under GDPR.
- Businesses must employ a Data Protection Officer to oversee the proper implementation of data processing law.
In order to comply with the number of regulations, companies must first have an understanding of their own information: where their data is stored, what data is processed, and how they gather it from consumers. Audits are used to identify any areas of concern within a business regarding the processing of personal data. Under GDPR, companies are legally obliged to carry out audits on their processing activities. Firstly, if a company has existing personal data from individuals, the information must have been gathered in a GDPR-compliant manner; otherwise, the business must request consent from the individual again.
GDPR regulations help organisations to meet the standard being set by the regulations. Having a competent Data Protection Officer is half the battle towards GDPR compliance, and the sooner organisations can employ one, the more effective their data processing audits will be. The checklist for data processing audits contains the following headings:
- Consent: At the time the personal data was obtained, was the individual made aware of the uses for the information?
- Purpose specification: Is the organisation clear about why they gather and keep personal data?
- Use and disclosure of information: What are the rules surrounding the purpose and security of the personal data? Are members of staff aware of these rules?
- Security: Is there a set of procedures in place in the event of a breach? Is someone responsible for the overseeing of these procedures and their implementation?
- Adequate, relevant and not excessive: Is all the personal data that is processed and stored necessary for the purpose it was gathered?
- Accurate and up-to-date: Is the data checked for accuracy? Is there a procedure for keeping data up-to-date?
- Retention time: How long is personal data kept for? Was this length of time made clear to the individual?
- The Right of Access: Is there a system in place whereby individuals can request the removal of their data? Are these procedures in compliance with GDPR?
There is an overwhelming amount of information available concerning GDPR and what exactly your business needs to do to comply. This is where Asystec comes in. Asystec is here to make GDPR compliance easy for you and your business. We have existing structures in place for your company to implement immediately, making GDPR compliance simple. Understanding how GDPR applies to your business can be difficult because of the amount of information available, but Asystec can do this research for you. To make GDPR compliance simple, contact Asystec today.