- It’s Julian Clary’s 58th birthday
- It’s 41 years since Star Wars was released
- GDPR replaces the current DPA
Cause for celebration all round? Maybe – but certainly, cause for preparation – and we don’t mean saving up to buy Julian Clary’s dog a diamante collar.
So – there’s less than a year to go and it makes absolute business sense to Be Prepared, exactly as the scout motto says. Don’t subscribe to lastminute.com; you’ll only regret it.
And what does GDPR stand for? General Data Protection Regulation, which replaces the Data Protection Act (DPA).
See here for the blog we wrote earlier which explains its evolution.
In brief, the GDPR concerns the rights people have over their personal data*. The DPA has become outdated since technology has progressed so rapidly in the past few years and so much business is carried out online. The new regulations aim to streamline data protection across Europe so that, no matter which country you trade with, or in which country your data is held, there’s consistency in the way data is handled. Helpful for businesses. Reassuring for individuals.
By the way, the fact that we are in the process of leaving the EU makes no difference because the GDPR applies to every business which holds or processes the data of EU citizens. If we want to trade in Europe then we will be obliged to show that UK standards are equivalent to the EU’s GDPR framework. Additionally, GDPR will become mandatory in the UK so even if you don’t trade overseas, it will apply to you.
There’s plenty to be getting on with in the meantime, meticulously outlined by the Information Commissioner’s Office (ICO). Here are five things you could put on your To Do List in the next few weeks. We’ll suggest more in subsequent blogs about GDPR.
- Appoint a data protection officer – crucial. It’s vital that someone takes the lead in this matter, otherwise there’s a danger it will be lost in the piles of other policies every company has to deal with. That person should report to a board member or, ideally, be a board member.
- Raise awareness – you may know about the impending change in regulations but do all the key decision-makers in your company?
- Organise an information audit – unless you know the current personal data situation in your company (Whose data? Where from? How shared? To whom?) how can you possibly plan for the future?
- Check procedures – do they cover the new rights individuals will have?
- Plan a timetable to amend privacy notices – make sure they will meet the new requirements in plenty of time for GDPR.
At Mailing Expert, we’re ahead of the game. Why not join us? Together we can make this happen.
* Personal data is not only an individual’s name and address; it is anything that identifies an individual from other information, including physical characteristics, pseudonyms, occupation, address, email et cetera, or a combination of identification elements. That means business contacts too.