What is GDPR? – AlphaLogix GDPR Guidance
The General Data Protection Regulation (GDPR) is a new EU regulation on data protection and privacy concerning all individuals in the European Union, including the UK.
With new data protection laws coming into force on 25th May 2018, AlphaLogix has recognised that many companies are not aware of the changes and how they may be affected. To help our clients, AlphaLogix has outlined some key points of the new regulation.
Who and What is the ICO?
The Information Commissioner’s Office (ICO) is an independent UK public body responsible for upholding information rights and data privacy. The ICO will investigate claims brought to it of infringements of the new GDPR regulation (among others).
Can I ignore this new regulation?
GDPR brings in some of the biggest changes in Data Protection for two decades, which will affect every business whether it is B2C or B2B. Ignoring GDPR and its possible effect on your business could mean you are fined up to €20 Million or 4% of annual global turnover, whichever is higher!
What do I need to do to be ready for GDPR?
You can start by asking yourself the following questions…
Do you know your data?
- Are you a Data Controller and/or Data Processor?
- Do you have a lawful basis for holding this data?
- How long do you keep data for?
- What types of data do you hold? – Personally Identifiable Information (PII), sensitive data, etc.?
- Do you have explicit consent for the data you hold? Can you show evidence of this?
- Do you hold any information about children?
- Do you have a Data Audit Log with all of this information?
Note: PII can be something as simple as a name and email address (including business email).
Is Your Data Secure?
- Do you have security permissions and encryption in place?
- How is your data protected from the outside world?
- Who has access to your data?
- Do you restrict your data being taken from your internal systems?
- Do you monitor who accesses your data?
- Do you have Non-Disclosure Agreements in place?
Policies and Procedures – What policies do you currently have in place for Data Protection?
- Are these well communicated throughout your company?
- Have you reviewed, updated, and communicated these policies across the company taking GDPR into consideration?
- Do you have procedures in place to cover the rights of the individual?
- Do you have procedures in place to deal with data access requests?
- Do you have procedures in place to deal with a data breach?
If you find that you have more questions than answers and would like more information on GDPR or if you would like a company audit, we are here to help.
AlphaLogix has over 25 years' experience in business and accounting software and can advise on best practices and implement software upgrades to ensure your business complies by 25th May.