Data Protection: the clock is ticking

By Andy Flinn, RDS Global, supplier of BMF's GDPR and Cyber Audit Plus Services
23 April 2018  

Andy FlinnThe General Data Protection Regulation (GDPR) will become law on 25 May 2018. That’s just over a month from now. If you have been meaning to do something about this for the past 12 months and have yet to take action, the clock is most definitely ticking. No matter what the size of your business, data protection is about to become your single biggest business risk. There are legal and financial penalties for those who chose to ignore the new laws.  

That’s the bad news. The good news is that you still have time to take action and doing so is not as scary as may seem. As the company behind the BMF’s Cyber Audit Plus service, RDS Global can help put your business on the right track, starting with an internal audit of your data records.  This not only gives you legal support to say that you have started the compliance process, but also gives you a detailed understanding of an action plan to make you compliant with the new law.  

What is GDPR?
The new law governs the way we hold, process, store and manage personal data.  It relates to the data files, internal business processes and controls, and the way you run your business.  

How is Data defined?
Data is information relating to any person resident in the UK or EU.  Data is often thought of as just computer records, but the GDPR includes all paper-based records as well. Data may be passed to you by customers and suppliers alike, and vice versa.  Companies in countries all over the world will need to comply with the new GDPR if they want to do business with us.  

An internal audit will help to establish what personal data you hold, where it is held, where it came from, how it was collected, what evidence you have that it has been collected and processed legally, with whom it has been shared (both internally and externally), on what terms it has been bought or licensed, whether and where it has been archived or deleted and who is responsible for its safekeeping.  

What should I do now?
You need to establish what data you hold, where it is, who has access to it, whether you have permissions to use or process this data, and how securely you protect data. You then need to purge all non-compliant data, or seek explicit permission to continue to hold it. Note that data held for a legitimate business purpose, such as support under product warranty, is allowed.  

The next step is to ensure that all new data created from this point forward is dealt with in accordance with GDPR.  RDS Global can assist here.  We also check legal contracts, their compliance with GDPR and the power and obligations held within such contracts, terms and conditions etc.  We can also advise on reviewing your supply chain to ensure that the people you are dealing with are also, or are about to become, compliant. Otherwise it will be like filling a bucket with water, only to find it has a hole in the bottom.  

There is a cost for this service, but it is an essential investment. GDPR compliance will become a requirement before you do business with any other compliant business from 25 May onwards.  Non-compliance could prevent you from trading – a far higher cost.  

RDS Global are accredited as Gold Certified Partners of IASME, who are one of the governing bodies approved by UK GOV. If you would like to discuss the next steps to GDPR compliance for your business, feel free to get in touch on 03330 2211 244. Or drop us an email at [email protected]    

This article appeared in Business Helpdesk in the April 2018 edition of BMJ