GDPR: What you need to know in order to start preparing

Businesses that process the personal data of EU residents have a limited time to ensure that they are compliant before the General Data Protection Regulation (GDPR) is enforced next year. The new legislation introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data.

At Systemagic we understand that a lot of the information regarding GDPR can be highly technical and somewhat overwhelming, which is why we’ve put together a simple need-to-know guide that highlights the key questions we believe you need the answers to before the legislation is put in place.

What is GDPR?

The General Data Protection Regulation (GDPR) will be enforced across Europe, including the UK, in May 2018. The law is intended to strengthen and unify data protection by giving citizens more control over their data. It aims to do so by ensuring companies have a complete overview of the personal data entering, leaving and being stored within the business.

Why should I care?

If you run a business then you should take note: the new law will affect any business that holds personal data on customers, prospects or employees based within the EU. If you ignore these laws then you could be faced with a hefty fine!

How will this impact my business?
  • If your business is not in the EU, you will still have to comply with the Regulation
  • The definition of personal data is broader, bringing more data into the regulated perimeter
  • Consent will be necessary for processing children’s data
  • The rules for obtaining valid consent have been changed
  • The appointment of a data protection officer (DPO) will be mandatory for certain companies
  • Mandatory data protection impact assessments have been introduced
  • There are new requirements for data breach notifications
  • Data subjects have the right to be forgotten
  • There are new restrictions on international data transfers
  • Data processors share responsibility for protecting personal data
  • There are new requirements for data portability
  • Processes must be built on the principle of privacy by design
  • The GDPR is a one-stop shop

What should I do now?

The clock is ticking and businesses should be using the next 11 months as a transitional period to apply the GDPR provisions before it’s too late. Our advice is simple: prep early! Train your staff so they’re in the know, review your privacy settings in house and, before the regulation comes into force, have an external audit completed so you know you’re protected from the penalties.

It’s really important that you get your head around the new regulation now so that you can avoid any potential business fines come 2018. At Systemagic HQ we’ll be hosting our very own round-table breakfast session in early Autumn to give our clients all the information they need before the regulations come into play. If you’d like any more information or fancy coming along then please get in touch!
