GDPR Compliance: your next steps
Fabric IT
Everyone is talking about GDPR, but not everyone is clear about what it is, what it means and what needs to be done. So here is our quick ‘layman’s guide’ to GDPR, focusing on the steps you need to take to be compliant.
What is it?
The EU’s General Data Protection Regulation (GDPR) comes into force on 25 May 2018, following a two-year transition period. Its aim is to harmonise data protection regulations throughout the EU. It also extends the scope of EU data protection law to all foreign companies processing the data of EU residents. On the upside, it makes it easier for those companies to comply with European regulations; on the downside, it introduces severe penalties for non-compliance: up to 4% of worldwide turnover.
GDPR also brings a new set of “digital rights” for EU citizens. In our digital economy, the economic value of personal data has never been higher. The best reason for being GDPR compliant isn’t to avoid a big penalty. It’s to be in a position to make the most of an invaluable asset.
Start with an audit
The first step in your GDPR journey is to work out what personally identifiable information (PII) you have, and where that information resides. Don’t forget that GDPR applies to all data, not only digital. If you have files on paper, they must be included.
What counts as personal data?
Anything that could possibly be construed as personal data must be covered in your audit, including:
- Email addresses
- Social media posts
- Physical, physiological, or genetic information
- Medical information
- Bank details
- IP addresses
- Cultural identities
Keep accurate records
Your information may exist in the cloud, on servers, on individual computers (including tablets and phones), on removable media, in emails, in backups… anywhere. There are no exceptions. Once you have found all the personal data you possess in its different locations, write it all down. Keeping accurate and continuously updated records was always a good idea. Now it’s essential.
Get everyone on board
Everyone involved in your organisation needs to know what GDPR is, what it means and what their role is in ensuring compliance. Use staff briefings, external courses… whatever it takes to have everyone working harmoniously on your compliance.
Clear the decks
Because you have to take stock of the personal data you collect and hold, this is a great time to review when and why you collect data. Ask yourself “do we need this data, or do we just happen to have it?” If you can do without it, shred, delete or otherwise dispose of it as soon as possible.
Use it as an opportunity to futureproof your data management
Data is the lifeblood of business now and in the future, so you can bet your life that GDPR isn’t the last major upheaval you have to deal with. That’s why now is a great time to consider consolidating all your data – especially if your audit shows that you are currently storing data in a number of different places.
Having it all in one secure, convenient and always-accessible place won’t only help you to remain GDPR compliant. It can also make your whole organisation more efficient and ready for whatever the future brings.
And if you happen to decide that an integrated cloud-based system covering your whole business is the answer, Microsoft Dynamics 365 is well worth considering. As Microsoft Gold Partners, we at Fabric are perfectly placed to advise you on this.