SMEs must prepare now for the General Data Protection Regulation

The purpose of Data Privacy Day is to raise awareness and promote privacy and data protection best practices.

Data protection day on the 28th January encourages businesses to reconsider their policy

As the eleventh annual Data Protection Day approaches, Robert Guice, senior vice president, EMEAA at Shred-it, says, ‘For businesses of all sizes across the UK, protecting personal data, both physically and electronically, has never been more important.

‘The data protection landscape has changed rapidly in recent years, and will continue to do so with the incoming General Data Protection Regulation (GDPR). This is the first truly global piece of data protection regulation, which will apply to all companies in the UK and beyond from May 2018.’

Guice adds, ‘This Data Protection Day, we urge businesses to get ahead of the curve and prepare for the requirements stipulated by the incoming GDPR.

‘These range from stricter rules around securing consent for the use of personal information to, in some cases, the introduction of a designated data protection officer within the workplace.

‘Ensuring your organisation is fully compliant with the forthcoming regulations protects your business and employees against the possibility of a damaging data breach, safeguarding against potentially damaging financial penalties that will be issued if a company is not in line with the law. Above all, acting now will reassure customers, partners and employees that you take their data protection seriously.’

To help businesses fully prepare for the new legislation, and to help mitigate the risks of a data breach, Shred-it has provided four top tips for businesses.

Understand what the GDPR is, as well as its implications

It’s critical that businesses give themselves a head start by working with partners now to ensure they understand the legislation that will come into force in May 2018. Make sure your business is fully compliant with the incoming regulations to avoid any pitfalls.

Conduct an information audit

Businesses should take stock and document exactly how their data is processed, stored, retrieved and deleted through its lifecycle. This will allow them to pinpoint where data may be most unprotected or at risk.

Implement thorough procedures that are in line with the GDPR

Once a full audit has been conducted, think about what data protection policies could be introduced to further mitigate the risks associated with lost or stolen data.

From practical policies (such as a Clean Desk policy) that help prevent data breaches, to response plans that enable businesses to act quickly when a breach does occur, all options should be considered.

Appoint a designated data protection officer

To ensure more responsibility is taken at all levels and to prepare for the incoming GDPR, appoint a data protection officer (DPO) to take ownership of overseeing compliance and to assess where it sits within the organisation.

On top of this, staff should be trained more frequently on the key data protection policies and issues so that they too have a better understanding of the importance of protecting individuals’ information.
