The General European Data Protection Regulations (GDPR) are coming into effect on 25 May 2018. Is your business prepared?
The new law replaces the Data Protection Act, but brings with it stricter rules that affect any business that handles personal data. This applies whether you market, track or handle data and relates to any organisation that works with EU residents’ personal data, irrespective of the business location.
The GDPR has been introduced in light of technological enhancements, the rapid growth of personal devices and increased globalisation. In essence, it gives EU residents greater say over what, how, why, where and when their personal data is used, processed or disposed of.
The regulations look at the data you store and transfer anywhere, in or out of your business. Although you may not directly store personal information in a contact record, there are many other instances that could bring GDPR to life. For example, you may transfer such details via an email or hold personal information on a piece of paper.
From 25 May, if you gather, store, transfer or use personal data, you will need to do so under strict conditions. These rules will include a requirement that anyone within your organisation who collects and manages personal information protects the data from misuse and respects the rights of the data owners.
Once the GDPR comes into play, you will need to ensure you have the processes in place to:
- Gain consent to store and process data for EU residents.
- Be able to inform an individual whether you have data about them and if so, how you are using it.
- Be able to provide data to them in a format that they can easily port to another provider.
- Cease use of and completely eliminate any records of them, both past and present.
Helping you meet your obligations
As a service management software provider that collects and stores data, Oneserve is committed to helping our customers meet their GDPR obligations. We have a number of procedures in place to ease the transition and to help ensure ongoing compliance. These range from the introduction of notifications within our software that display clear GDPR guidance, to providing our customers with access to a dedicated information security team. A full outline of our GDPR readiness is available here.
The consequences of not complying are substantial, with serious breaches potentially receiving a €20 million fine or up to 4% of your turnover.
If you haven’t already done so, we highly recommend that you familiarise yourself with the detail of the GDPR to ensure you are prepared for what will inevitably be a significant shift in your data management processes.