Data protection legislation began long before internet use became so widespread. While it has, to an extent, evolved to meet the ever-changing digital landscape, the existing rules and regulations do not adequately cover the challenges presented by the global sharing of data, which is why reform has become so necessary.
The GDPR was designed to simplify existing regulations and to provide a framework with clear standards for global data sharing. The GDPR requires all businesses, however large or small, to think seriously about how they collect, use and store data. The point of the GDPR is to:
You need to comply with this regulation if you sell to and store personal information about customers within the EU. This means that you don't have to have an actual business in the EU to be bound by this new legislation. If you offer goods and services to EU citizens and residents, monitor their behaviour or collect their data, this regulation is going to affect you.
There are several differences between how the GDPR will affect large businesses and how it will affect small businesses.
Firstly, businesses with 250 or more employees must employ a Data Protection Officer, or DPO, to guarantee responsible data collection and storage.
Businesses with under 250 employees will still be affected if:
All businesses, regardless of size, must swiftly report any breaches or failures. Infringements under the GDPR are likely to result in far more stringent financial penalties than previously.
Whatever size your business is, you're going to need to have the right procedures in place to handle these changes.
The GDPR definition of personal data is essentially any information that relates to an identified or identifiable person. This means anything from photographs to ID numbers, and email addresses to locations. It will also include online markers such as cookies and IP addresses.
To hold data, companies must be able to show the individual consented to this data being held. It must also be clear that the individual knew what they were consenting to.
Also, individuals must be allowed to be forgotten. That is, they must be able to withdraw consent for the company to hold that data.
By streamlining and simplifying regulations, GDPR will make it easier for companies to conduct business throughout the EU, and individuals will have more confidence in engaging with them.
Here at Office Solutions IT, we understand that you will have concerns as to how GDPR applies to you specifically – and whether you are compliant. We can talk you through GDPR in detail and audit your IT security to ensure that your business complies.
For more information about the GDPR, please see the official website.
Office Solutions IT offers IT services to businesses throughout Australia and has an experienced team waiting to help you improve your IT systems and processes.