New GDPR Guidelines
What is GDPR?
In short, it is a set of regulations concerning how businesses protect the data and privacy of EU residents. Every business that operates in any or all of the EU member states (including the UK) will be affected. The guidelines come into effect on the 25th of May 2018.
How will it affect my business?
Sadly, leaving the EU doesn’t get the UK out of it. The UK government is implementing it regardless of the current landscape. Those who are exposed as not compliant on or after the 25th of May 2018 can be fined up to 4% of annual turnover or €20m, whichever is higher. That is enough to kill many enterprises.
It is therefore paramount for companies to review their current status and start implementing policies and procedures whilst there is still time before May next year.
How can I be sure it applies to my business?
Do you collect data from EU residents? Do you process data of EU residents? Are any of your data subjects based in the EU? If you answered yes to any or all of these then yes, you can be sure it applies to your business.
Still not sure if you collect data?
‘Any information relating to a living, identified or identifiable natural person’.
Newsletters are going to be the most common case; however, it runs deeper than that. If you store an identification number of a person that can be traced to the name of a user in a database, then you definitely have GDPR responsibilities.
What can I do?
Education on the regulations is the key here, followed by implementation of administrative assets and outward-facing documentation. Once these are in place, it is a matter of regular internal review.