Data protection has become an ever more important issue as use of the Internet has grown. The more data that is collected online, the more potential there is for the data to be compromised. For several years there has been talk of introducing more uniformity to data protection rules across the EU. Now the General Data Protection Regulation (GDPR), which was agreed in 2016, is set to make that happen.
GDPR becomes law on 25 May 2018, and it is important that businesses pay attention to the new rules that it introduces, as failure to comply with these rules could result in fines of up to €20m or 4% of annual turnover, whichever is higher.
What Businesses Need to Think About
If you want your business to be GDPR compliant, there are several things that you need to consider.
- You need to know what data you are holding and why you are holding it.
- You need to ensure that there is a structure in place to enable effective management of the data.
- You need to know who is responsible for each item of data.
- You need to ensure that sensitive data is encrypted.
- You need to ensure that there is a culture of security awareness within your business.
- You need to ensure that you have a plan in place for reporting any data breaches within the mandated 72 hours.
Every one of these areas is important if you want your business to be GDPR compliant. It is also important to remember that customers prefer to deal with a business that takes the security of their data seriously. Therefore, by ensuring that your business is GDPR compliant, you are also making it more likely that people will want to purchase your product or service.