The European General Data Protection Regulation (GDPR) will be in place from 25th May 2018. It will supersede the Data Protection Act (DPA), and any company, big or small, will need to meet the new terms surrounding personal data. This includes the storage, usage and collection of personal information, with hefty fines for non-compliance. So what do you need to know before GDPR rolls out?
Key Changes & Business Impacts
The first thing that businesses must take note of is the definition of ‘personal data’ under GDPR, which has a much wider scope than under DPA. So what constitutes personal data from May 2018? Article 4 of the GDPR provides a set of definitions.
Other important changes include increased territorial scope (this applies to all companies processing the personal data of data subjects residing in the Union, regardless of company location); strengthened conditions of consent (request for consent must be given in an intelligible and easily accessible form); and penalties for violations (fines up to 4% of annual global turnover or €20 million, based on whichever is the higher value).
Ultimately, the new data regulations put consumers in the driving seat, and collecting data from subjects will be much harder with strict protections in place.
See a list of GDPR key changes here.
The Importance of GDPR Compliance
It’s critical that businesses understand that GDPR is applicable to everyone, no matter where your business is based. If your business offers goods and/or services to citizens in the EU, GDPR will apply to your organisation.
Many companies also believe that GDPR is solely an IT issue, relating to websites and the way they capture and store data. But every department will be affected, from sales to marketing, IT to ecommerce, HR to finance and operations. It’s essential to train staff on the upcoming regulations and put in place the necessary processes as soon as possible.
GDPR will also concern businesses across every industry and sector, from Online Retail to Manufacturing, the Tech market to Banking & Financial services, Recruitment to Transport and Distribution.
Using Technology to Meet Regulation
GDPR can be complex, and getting to grips with new processes carries a high risk of penalties. Organisations are advised to appoint a Data Protection Officer or Data Controller to implement and monitor compliance across the board. Providing them with the right tools and software will help to ensure a smooth transition next year.
There is technology available to help companies with document storage and sharing, such as our partner, DocLogix, which is a Document Management & Workflow solution. It is designed to make the storing, processing and retrieving of documents more efficient, including emails, procurement documents, contracts, reports, invoices, purchase orders and more.
The key benefit of using a platform like DocLogix is that organisations can ensure secure and reliable tracking of all documentation that comes in and out of the business, with protocols and clearance to allow top line managers to adjust permission settings for different members of staff. The platform can also provide an audit trail, tracking all activity and helping to address GDPR requirements.
In addition to compliance with new data rules, a Document Management solution like DocLogix can also help you save time and resources, dramatically cutting down admin time, and allowing easy remote access from anywhere in the world.
If you would like to find out more about DocLogix and how it can help your business with document management, workflow management and GDPR compliance, give us a call on +44(0) 207 030 3146, or get in touch via our online contact form.
For the complete GDPR guidelines, see the full General Data Protection Regulation document of the European Parliament.