advo believes this is a real opportunity for businesses to create robust practices that will contribute to business growth. We give an outline of the new legislation, and advo’s operations director gives her top 5 tips.
GDPR (General Data Protection Regulation) will impact all organisations, large and small, public or private, across all business sectors, with non-compliance punishable by hefty fines.
Surprisingly, however, a recent survey* has revealed that nearly half of European HR professionals (44%) are not familiar with the General Data Protection Regulation (GDPR). Of those who are aware, however, a large majority (81%) believe they will be ready to meet the 2018 deadline. In the UK, the ICO (Information Commissioner’s Office), the organisation overseeing the implementation of GDPR, has confirmed that final guidelines will be available early next year, giving organisations little time to finalise their approach.
So what is GDPR and why does advo feel it is a force for good in the business community?
What is GDPR?
This is new European legislation that will come into force on 25th May 2018 across Europe, and it will apply not only to any organisation situated in the EU, but also to any organisation that processes the personal data of EU citizens regardless of where they are based.
GDPR will take many of the concepts under existing privacy laws and enhance and extend them. Where existing laws only apply to data controllers (the owners of the data), GDPR will also apply to organisations that process data.
GDPR will be law in the UK regardless of Brexit. In the Queen’s Speech this month Her Majesty said: “A new law will ensure that the United Kingdom retains its world-class regime protecting personal data…” and it is generally accepted that the Repeal Bill will be used to bring GDPR into UK law.
Substantial fines against both data controllers and data processors will come into force, with the maximum being the higher of 4% of global turnover or €20m.
advo’s approach to GDPR
Operations Director Gill Mateo has been overseeing advo’s approach to becoming GDPR compliant and has designed new protocols, many of which have already been adopted across advo’s group of companies.
Outlining her view on how businesses should approach GDPR, Gill said, “The protection of data is a key function of our business and we welcome GDPR as the natural progression of the existing Data Protection Act. In fact, any legislation which assists us in our overriding goal to protect our customers’ personal information is a very good thing.”
Gill added “Getting ready for GDPR has allowed us to take a step back and audit our processes and procedures. This has been a very interesting exercise which has led us to update some of our practices in line with the new legislation. In doing so I believe that we have become even closer to our customers in our efforts to provide a robust set of processes. This will allow the continued smooth running of advo while ultimately protecting our customers.”
On getting your GDPR ‘ducks in a row’, Gill said, “One of the first steps for us was to put in place the ICO’s checklist 12 Steps to Take Now. This document gives a lot of very useful information on how to get ready for GDPR, and outlines the new rules and significant enhancements to the current legislation. The document also explained that if a company is compliant with current Data Protection law then that approach and mind-set to compliance will continue to be valid.
The ICO believe that companies who are already compliant can build on their current practices, and that this is a great starting point. This was a great relief for us as some of the press regarding GDPR had presented the new law as being overly onerous, when this is not the case.”
Gill’s top 5 tips for organisations to become GDPR ready.
- If you have not started your GDPR journey then your first step must be to go onto the ICO website and download their 12 Steps You Can Take Now. It’s a great starting point.
- Get the message out within your organisation. Everyone should be aware of the changes and how they affect them. We believe that the protection of people’s data should be part of the bedrock of a company’s culture.
- Do an audit – even for small companies this is a very useful tool and will be the foundation of any changes you need to make within your company. Remember even if you are a small company, this still applies to you.
- If you have merged with another company or taken over another company’s business, make sure that their procedures and practices are compliant, as they may be very different to your own.
- Relax: if you are already compliant with the DPA, the step up to GDPR shouldn’t be too much of a leap – but you need to start now.
The new data protection regulation should be seen as an opportunity, not a burden. Reviewing current protocols will allow you to modernise your approach and put your customers at ease.
The ICO’s guide to GDPR can be found here.
* The survey was conducted by SD Worx, a global HR and payroll service provider, who contacted 1,800 HR and payroll professionals. SD Worx’s press release on their survey can be seen here.