Businesses all over the country rely on data. It’s crucial in keeping operations smooth and keeping staff happy. The capture, storage, and safe destruction of physical and digital data must be a priority for all responsible businesses complying with the regulations enforced by the Data Protection Act (1998). The act ensures that data is processed safely and that the security of personal and confidential information is protected against possible theft and fraud.
Recently, the Government’s watchdog, the Information Commissioner’s Office (ICO) released an overview of a new EU General Data Protection Regulation (GDPR), due to be introduced in May 2018. The new regulations mean that UK businesses will be required to be accountable for the secure storage and destruction of information by establishing an auditable framework for employees.
“But Brexit!” we hear you say.
Any business handling the personal data of EU citizens (of any overseas suppliers, for example) will need to comply. This means that many UK businesses will still need to take GDPR into account, even following Brexit. What’s more, with so many organisations now trading and sharing across both physical and digital borders, having consistent safeguards in place is crucial to responsible data handling.
With the end of the financial year fast approaching, the disposal of all your unnecessary paperwork, files, and invoices might be on your mind. In this blog, we’ll talk you through the new GDPR and how you can make sure your business is compliant.
GDPR – what is it?
The GDPR acts just like the existing Data Protection Act (1998) we have now – it protects the security of personal data. For most businesses, nothing will change. For the most part, assume that if it falls within the DPA, the same applies under the GDPR.
The new regulations differ from the DPA when it comes to responsibility and accountability. The GDPR encapsulates the recent changes in technology, marketing, and data collection, meaning any online identifier, e.g. an IP address, now counts as personal data. It also extends regulatory powers beyond EU borders, taking into account new possibilities – and dangers – of sharing data across the globe.
From the individual’s point of view, the GDPR will work to safeguard our rights as ‘data subjects’ – you’ll be able to request a copy of any data held about you, and no data will be processed without your informed consent.
The GDPR will also strengthen penalties for non-compliance. The maximum fine dealt to organisations breaching the DPA currently stands at £500,000 – under the GDPR, the potential fine is as high as €20 million or £17.2 million.
These penalties certainly raise the stakes of data collection, storage, and protection, and will give many businesses the encouragement they need to be vigilant and accountable for the data in their possession. Faced with these dramatically increased fines, it’s crucial to review your practices and get prepared now.
What do I need to do?
The new regulations mean that you will need to have an effective, documented, auditable process in place for the secure destruction of confidential information. Before you do all the leg work, assess how the GDPR will – or might not – affect your business, and take steps to understand your current DPA/GDPR compliance as well as how you store, handle, and destroy data. Carry out risk assessments and internal audits, implement a management plan for potential breaches, and destroy physical and digital data in a timely fashion.
You might also want to get your staff trained on the mechanics of the new regulations. This will iron out any kinks in your data management strategy and ensure everyone is on the same page when it comes to responsible data handling. If your business employs more than 250 people, you might consider hiring a Data Protection Officer to take care of compliance.
Can Universal help me?
In short: yes.
We have several services available to help businesses across the country with their data management, encompassing data capture, records management, secure shredding, and electronic data destruction.
We work in partnership with several professionally accredited companies – PHS Maxitech, PHS Datashred, PHS Records, and Capital Culture – to provide a compliant, accountable, and efficient service with respect to your data, legal obligations, and budget.
Because data management can be costly – in terms of time, space, money, and headaches – for the business owner, we make our services as transparent and comprehensive as possible.
Our secure shredding is in line with European security levels, and we’ll wipe or destroy any electronic data from your devices before we recycle them on your behalf. We’ll store your archived documents and media in high-security vaults, and you can retrieve them at any point, too – just give us a couple of hours.
Do you have questions about the GDPR and how it’ll affect your business? If you’d like to talk to us about the new regulations or any of our secure data management services, view the full breakdown here or call our dedicated team on 0845 345 0061.