With less than six months to go until the General Data Protection Regulation (GDPR) comes into effect, every European business that holds customer information will be carefully reviewing their processes for obtaining, storing and using customer data.
With GDPR’s maximum fine set at a staggering 20 million Euros, or 4 per cent of global turnover (whichever is higher), compliance is imperative, and businesses should be implementing risk management strategies to ensure these potentially crippling fines can be avoided.
Simon Gubbins, Managing Director at Robison, said: “The truth is, much of GDPR is similar to the existing Data Protection Act (DPA), so if you were in full compliance with the DPA you can view GDPR as a way of building on your organisation’s best practice for data protection. However, there are some differences you need to be aware of and plan for.
“For example, one of the key differences in terms of collecting data are the higher standards surrounding ‘consent’. Under GDPR, individuals must opt-in whenever data is collected and there must be clear privacy notices. Consent must be able to be withdrawn at any time and should be separate from other terms and conditions. From a risk management perspective, you need to review how your organisation seeks and records consent, ensure that consent can be easily withdrawn and make privacy notices clear and concise. Finally, you’ll need to look at your existing consents and assess whether they can be updated to meet GDPR standards.”
To mitigate your risk of incurring fines post-GDPR implementation, it is essential to plan your compliance strategy now, and ensure that it is effectively communicated to all key decision makers within your business. To help with this process, download our best practice GDPR checklists – they’ll help you assess your organisation’s risk and identify which areas need improvement before the May deadline.
For a complementary assessment of your organisation’s data protection risk, and pragmatic risk reduction recommendations tailored to your business, please get in touch to arrange an appointment with one of Robison’s Risk Management specialists today.
GDPR Toolkit
