GDPR: Not Just Another Acronym

GDPR: Not Just Another Acronym

You may recall the news last summer about a new data protection regulation that’s set to come into effect from 25 May, 2018. It’s called the GDPR, which stands for the General Data Protection Regulation.

Its purpose is to protect the data of individuals within the European Union, and any thoughts that Brexit might kick its adoption in the UK into touch have all but disappeared. This regulation will become law this year, and it will apply to all businesses that retain the personal data of EU citizens.

This information could include something as simple as:

  • Name
  • Address
  • Date of birth
  • Email address
  • Photo
  • IP address
  • Location data

Or more sensitive, such as:

  • Medical records
  • Bank details
  • Cookies used to track online behaviour
  • Race
  • Religion
  • Political opinions
  • Trade union membership
  • Sexual orientation

Effectively, it covers any and all information that can be classified as personal, and that can be used to directly or indirectly determine an individual’s identity. Not only will business owners be required to safeguard their own on-site data storage, they must also give consideration to how business information is stored on the cloud.

GDPR compliance starts now

As with your many other responsibilities as a business leader, it’s vitally important that you ensure your business operations are compliant with these new EU regulations. And you shouldn’t wait until May to get started.

If you’re already maintaining electronic records of individuals within your business, you should be registered with the Information Commissioner’s Office (ICO). They have a range of resources to help you prepare.

We highly recommend you read their 12 steps to take now.

Here’s what we’ve done to get ready

As a firm dealing with highly confidential information on behalf of clients and businesses, we have always been concerned about confidentiality and security.

And for a considerable number of years, confidential documentation has been exchanged with clients via our client portal, Docsafe.

Meanwhile, one of the most misunderstood areas is in relation to email security. Standard emails are not completely secure, and to combat this we recently introduced ShareFile by Citrix. This enables us to exchange encrypted emails with clients in order to avoid any data being breached, lost, or damaged.

Implementing processes and platforms such as those described above will be a very important part of the GDPR.

Your business will benefit

As is often the case with any new piece of legislation, fear mongers are out in force and having a field day. But data protection is too important to underestimate, and the potential penalties for failure to comply with the GDPR don’t bear thinking about.

So, with a sensible approach, and utilisation of the ICO checklists, you’ll be well on your way to ensuring your client data is protected as far as is humanly possible.

And in doing so, your business will certainly benefit by boosting your image and reputation, improving your information security and data governance, and enhancing customer trust in your brand.