The General Data Protection Regulation has been described as the most significant overhaul in data protection in a generation.
Statistics suggest that the majority of organisations are still not prepared despite the prospect of irreparable reputational damage and being fined €20m or four per cent of worldwide annual turnover if they do not comply.
A crucial step in preparing your business for GDPR is conducting a data audit, i.e., understanding what information is coming into your organisation, what’s leaving, who has access to it and for what purpose.
Kate Lewis, head of privacy and data compliance at Chester-based identity data intelligence firm GBG, says it all boils down to knowing your data.
“All businesses need to be aware of what data they’re collecting, where it comes from, what it’s being used for, when it was last updated, where, how and why it’s being stored and for how long, who has access to it and whether or not it’s being passed on to any third parties,” she says.
Rob Sheldon, partner at law firm Fieldfisher, says it’s important to remember that personal data isn’t just limited to names, addresses and marketing databases, but also covers cookies, IP addresses or IMEI numbers on devices.
“Start to map your data: what do you collect, what do you use it for, who do you share it with and where does it go in the world?
“Once you’ve done that you can start to form a gap analysis. Then, get a project team up and running. This is not just a legal or compliance issue, or a case of giving it to in-house legal or external legal advisors.”
Emma Ball, senior associate at law firm Squire Patton Boggs, says ‘data mapping’ is a critical step for compliance.
“Only when you understand what data you hold and what you do with it can you even begin to assess where you sit in terms of GDPR compliance and where you need to focus your efforts,” she says.
Cloud hosting firm UKFast is providing free GDPR pocket guides containing valuable resources and guides from industry experts to help support businesses. Request your free copy here.