What You Need to Know about the General Data Protection Regulation
Do you do business with people in the European Union (EU)? If so, you have less than 5 months to make sure your data protection protocols comply with the new General Data Protection Regulation. If not, you could face heavy penalties.
What is the General Data Protection Regulation (GDPR)?
This new regulation applies to any business in any country that holds, transmits, or processes personal data of EU citizens. The General Data Protection Regulation takes effect May 25, 2018, and strengthens requirements around many aspects of using personal data, including the destruction of that data. Some of the key features of this new regulation are:
- Public authority bodies that process personal information must appoint a nominated Data Protection Officer (DPO)
- An individual has a right to request the deletion of their data. When this occurs, the data controller must delete personal data in a secure manner
- Data protection authorities will be able to ask to review your privacy policies and procedures at any time
- Certain types of breaches must be reported within 72 hours, requiring a breach notification process that is compliant with the law
- Organizations that breach GDPR can be fined up to €20 million or 4% of annual global turnover
How to Stay Compliant
Becoming compliant with this new regulation can be a long process as staff adapt to new responsibilities and protocols. For this reason, it is best to start implementing these changes as soon as possible so you are up and running once the GDPR comes into effect. Here are some actions to take in order to stay compliant:
- Prepare or Update Your Information Security Policy
This policy should list the categories of data your business handles and how long each should be retained before it is destroyed. You will also want to include methods of information destruction for both physical and electronic data. This policy also needs to lay out how your company will keep an accurate record of what information has been destroyed.
- Appoint A Data Protection Officer
If your organization carries out the ‘regular and systematic monitoring of data subjects on a large scale’, processes sensitive personal data, or processes data relating to criminal convictions, appointing a DPO is mandatory. Depending on your organization, this may involve creating a new position and adding another employee (or employees) to your team.
- Introduce Privacy Impact Assessments
These are essentially risk assessments that identify the points at which an individual’s personal data could be put at risk during processing. Carrying them out ensures that you are proactively thinking about data protection at the start of a project.
- Develop a Breach Notification Process
Certain types of data breaches must be reported within 72 hours. If you have experienced a data breach before, you know this is not a long time. Having a response plan in place allows you to act quickly and efficiently while staying in compliance with the law.
- Train Staff on Confidential Data Policies
Everyone within your business plays an important role when it comes to data protection. Be sure to train staff on all policies, and ensure they are followed. Staff should be informed of all relevant legislation and of their responsibility to ensure clients’ personal information is protected.
- Enlist the Help of Professionals
Don’t take chances with something as important as data protection. Get advice from a legal team that specializes in data protection legislation to ensure your business is compliant and protected. Also, consider enlisting the help of professional document shredding and hard drive destruction companies to help keep your business compliant.
ConfiData is Ready to Help
Our paper shredding and hard drive destruction services are designed to comply with data protection regulations. You receive a Certification of Destruction after each service, allowing you to accurately record the secure destruction of personal information. We also work with businesses to help strengthen their information security policies by identifying gaps in their policy or suggesting more secure methods for data storage, transport, and destruction. Don’t wait until it is too late! Give us a call today at 1-800-62-SHRED or fill out our quick contact form to get the conversation started.