A Guide to GDPR from a Business Perspective

GDPR – otherwise known as the General Data Protection Regulation – is a set of EU regulations that have been in practice since 25th May last year.

But nearly eight months on, some businesses are still unsure about certain aspects of the new rules. We have produced a brief GDPR guide to answer some of these questions, and offer advice on how you can avoid breaching any regulations.

What is it?

It’s a series of rules created by the EU that replaces the 1995 Data Protection Directive.

GDPR applies to companies that are engaged in the processing of personal data of EU or EEA (European Economic Area) residents. So, even if your business isn’t based in either of these areas, the rules could still apply if you process EU/EEA residents’ data.

What makes it different?

The previous regulation failed to keep up with modern technology and the rapid expansion of the internet. GDPR goes further than the previous initiative, by requiring:

Access: GDPR allows people to access personal information that companies hold about them, which includes allowing them to rectify or emit this data if they request it. This is known as Subject Access Request (SAR), and companies must provide the information within one month of the request.

Consent: Explicit consent must be given when businesses ask people for permission to use their data in a certain way. Pre-ticked boxes, ‘silence’ or inaction of the data subject must be avoided.

Privacy: Any privacy notices or documents relating to your business must be altered so that they conform to the GDPR guidelines.

Responsibility: If businesses fail to comply, they could be met with a fine of 4% of their turnover. Legal action could also be brought by individuals or non-profit groups on behalf of the data subjects.

Accuracy: Every reasonable step must be taken to make sure that data is kept up-to-date. Also, any amendments of data must be recorded.

Security:  To keep up with ever-increasing cyber security threats and data breaches, the new GDPR guidelines indicate that thorough measures should be in place to protect personal data. As well as software security, physical security should also be of utmost importance.

How ICT Solutions Can Help

Allow us to become your GDPR consultant. We offer a GDPR compliance service to help you avoid getting on the wrong side of the law, even if it is unknowingly.

Our team of IT specialists are on hand to advice and consult with you, and generally help you stay GDPR compliant. Contact us now.