Unless you’ve been burying your head in the sand, you’ll now be aware that the 25th May is the deadline for businesses within the EU to become GDPR (General Data Protection Regulation) compliant.
Although this will be the largest change to data protection in the EU since the 1998 Data Protection Act, GDPR should not be feared, as it is being implemented in order to regulate and promote organisations to control their data and to protect consumers.
MC2 Accountants already have a consistent level of data protection and security which complies with existing laws, however it is our aim to be fully compliant with the GDPR by 25th May.
We have been working towards compliance with the GDPR for the past number of months. Below is a brief summary of the steps we have taken to date
- Appointed a data privacy team to develop and implement our roadmap
- A full Information audit was completed and from this we have conducted a gap assessment.
- Reviewing and updating our company procedures and policies
- Improving the encryption technology we use for storing and sending data
- We have implemented an employee training program
- We have generated a plan of remedial action (including time frames) and are currently in the process of implementing this.
“On the whole, the rights individuals will enjoy under the GDPR are the same as those under previously imposed Acts, but with some significant enhancements. Organisations who already apply these principles will find the transition to the GDPR less difficult.” https://www.dataprotection.ie/docimages/documents/The%20GDPR%20and%20You.pdf
Below are the 12 steps to being prepared as advised by the data protection commissioner
- Becoming Aware – Review and enhance your organisation’s risk management processes
- Becoming Accountable – Make an inventory of all personal data you hold, where you hold it, why you hold it, do you still need it and is it safe.
- Communicate with Staff and Service Users – Review all your data privacy notices and make sure you keep service users fully informed about how you use their data.
- Personal Privacy Rights – Ensure your procedures cover all the rights individuals are entitled to.
- How will access Requests change? – Plan how you will handle requests within the new timescales.
- What we mean when we talk about Legal Basis? – Are you relying on consent, legitimate interests or a legal enactments to collect and process data, do you meet the standards?
- Consent – Review how you seek, obtain and record consent.
- Processing Children’s data – Do you have adequate systems in place?
- Data Protection Impact Assessments (DPIA) and data protection by Design and Default – Data privacy needs to be at the heart of all future projects.
- Report Data Breaches – Are you ready for mandatory breach reporting
- Data Protection Officers – Will you be required to designate a DPO.
- International Organisations and the GDPR – Identify where your Main Establishment is located in the EU in order to identify your Lead Supervisory Authority.
http://gdprandyou.ie/resources/
https://www.dataprotection.ie/docs/GDPR/1623.htm
The below Link is a great informative infographic
http://ec.europa.eu/justice/smedataprotect/index_en.htm
The above information is our overview, so we do recommend that you take a comprehensive review of the data you hold to discover what is required for your business to become GDPR compliant. Please click the links above for the official GDPR webpage for an in-depth understanding.
Our biggest advice:
Make a plan now, you have to be compliant by the 25th of May.
Bottom line: Communicate with your customers and show them the value and benefits of your business retaining their data.