The General Data Protection Regulation (GDPR) is coming into force from 25th May 2018 and will affect any business that owns or uses data relating to an individual or third party.
In essence it is important that you as a business have protection, procedures and the correct security to store data that could identify someone.
For most businesses this data will relate to your customers, and be in the form of accounts, order books and contact details.
It is important that you know what data you have, know where it is stored, have PERMISSION to hold the data, and know how to delete it if requested to.
The GDPR applies whether you are a data controller (someone who holds data) or a data processor (someone who utilises data held by a data controller).
It is important you check that anybody you share data with has the same GDPR systems in place. So, for example, if you share your customer records with a supplier for delivery details, then the supplier must have GDPR in place.
The fines for not complying are large, and any data breach must be reported within 72 hours to the relevant authority.
- Have permission from individuals for the data you have.
- Know where the data is stored.
- Keep the data secure.
- If you share your customer's data with a third party, check they have GDPR in place.
- Data includes paper copies.
- Know how to delete individual data.
- Security and strong passwords.
- Report any data breach within 72 hours.
- Limit any information that can identify an individual.
- Educate your staff.
- Manage your systems to keep data safe.