A recent IT Security survey found that 61% of UK companies don’t realise that the new Regulation applies to them.
A further study has shown that 21% of senior management have little or no awareness of the effect that the GDPR will have on their organisation, while 31% of the companies questioned had experienced an incident in the last 12 months due to staff negligence or bad practice.
It is essential that companies are made aware of the changes and new obligations in the legislation before it applies in May 2018, and time is running out.
The Regulation contains new rights for people to access the information companies hold about them, obligations for better data management and a new regime of fines. Incidents with serious consequences can attract fines of up to €20 million or 4% of a firm's global turnover, whichever is greater.
Companies covered by the GDPR will be more accountable for the handling of people's personal information. This will include having data protection policies, data protection impact assessments and data mapping showing how the data is processed.
Companies will need to obtain consent and demonstrate why people's information is being collected and processed, providing descriptions of the information that is held, how long it is kept and the technical security measures in place.
As well as putting new obligations on the companies and organisations collecting personal data, the GDPR also gives individuals more power to access the information that is held about them, free of charge.
To help prepare for the GDPR the ICO has created a 12-step guide which includes steps such as making key people aware of the Regulation, determining what information is held, reviewing current privacy notices, identifying the lawful basis for processing the data and what should happen in the event of a data breach.
Chapter Three Consulting is a business support consultancy providing specialist compliance knowledge and GDPR expertise. As an ISO-accredited organisation, its consultants are able to assist in auditing, supporting the implementation of any changes required and maintaining ongoing compliance.
For further information contact us on 0330 004 0020 or email firstname.lastname@example.org