GDPR, or the General Data Protection Regulation, is aimed at protecting the rights of individuals and enterprises. Despite the GDPR rules having been in force for quite some time, many businesses and organisations are still unclear on what the rules are and whether they meet the criteria.
Today we’re looking at whether you’re GDPR compliant. To understand that fully, it’s worth looking at what is expected of GDPR compliant organisations, because unfortunately, ignorance isn’t a defence against non-compliance.
What’s Expected Of You?
A GDPR compliant company must ensure it follows a series of principles for processing and securing information; it should also remember that it retains full responsibility for the risks connected with that information.
Being GDPR compliant, however, doesn’t just mean checking boxes and ensuring information is gathered correctly; it also means protecting consumer rights, whether that’s through behavioural or even cultural changes within your organisation.
GDPR, in a sense, isn’t a new approach: most companies have been adhering to certain terms for safeguarding information for the past two decades, even before the 1998 Data Protection Act. However, checking your GDPR compliance gives you an opportunity to revisit your organisation’s methods to ensure you’ve established proper controls.
Checking You’re GDPR Compliant
Here’s a great list to check your company against, to help you determine if you’re GDPR compliant:
- You must abide by rules laid down by GDPR if collecting information from citizens in the EU.
- You do not have to be located in the EU to be GDPR compliant.
- You must gain permission for storing someone’s personal data.
- You must notify people what you intend to do with their information.
- You must collect the correct kind of consent for keeping information from EU users; this is known as ‘active consent’.
- The minute you detect a breach of information, you must notify the supervisory authority within 72 hours.
- You must also implement the correct protocols in the event of a breach.
- You must obtain electronic copies of private records and provide access to said records to those who request it.
- The data controller is responsible for removing personal data when requested.
- The data controller must also refrain from sharing information with third parties.
- You must ensure that data controllers and data processors appoint a dedicated data protection officer.
- You must implement the required data security in every single process and product.
Auditing Your Data
If you’re unsure as to whether you’re GDPR compliant, or simply want your organisation to undergo a thorough audit of identified data to make sure that you are, Capital can help. Here at Capital, we can provide the necessary audits to ensure you have all the processes and security measures in place to be fully GDPR compliant.
With business processes and, of course, technology evolving continually, the risks associated with GDPR are increasing too. With Capital, however, you can rest assured that you’re maintaining GDPR principles in every aspect of your business. Contact us today on 0800 013 2182.