What is the General Data Protection Regulation (GDPR)?
GDPR is a new regulation which will be enforced from 25th May 2018 across the whole of the European Union. It is intended to protect the right to privacy of EU citizens. The regulation will still apply to the United Kingdom after Brexit in the form of the Data Protection Bill (passed in August 2017), which has similar consequences.
GDPR will impact all businesses on some level, depending on what data you hold. If, for example, you have a marketing mailing list, customer databases, shared drives (e.g. Google Documents) or employee records, you will need to take action, as it is your responsibility to ensure you legally comply with the rules on how you collect, store and process personal information.
You must be able to demonstrate the following:
- You can prove you have consent to use a person's data (e.g. they opted in to a mailing list themselves; a verbal agreement cannot be proven).
- You have a data audit in place covering what data you hold, how you will use it, why, and how it will be stored.
- You have a plan in place for a data breach (e.g. your customer relationship management system is hacked and customer details are leaked - how would you deal with this?).
What Action Do I Need To Take?
A detailed overview of GDPR has been prepared for Composites UK members. You can access this in the member's area of the website here (login required).
The following additional resources will help you on your way: