GDPR and what it means to UK businesses
Data protection in Europe is about to change significantly. The GDPR is a new set of rules designed to give people more control over what companies can do with their data. It will be coming into force on the 25th May 2018 and will replace the current 1995 EU Data Protection Directive. By law, the GDPR will apply to all businesses and organisations that collect, process or transfer personal data of those within the EU.
The GDPR states that data must be processed lawfully, transparently and for a specific purpose. People have a right to know what data a company holds on them, why that data is being processed, how long it is stored for and who gets to see it. Organisations have a responsibility to ensure that personal data is collected and processed legally. Personal data under the GDPR is defined as any information that can be used to identify a person including names, addresses, emails, phone numbers, photos, etc. This has now been extended to digital identifiers such as IP addresses, cookie IDs, digital fingerprints, etc.
GDPR will also introduce tougher fines for non-compliance and data breaches. The new law creates a much higher standard that businesses can be held to, and large fines of up to €20m or 4% of annual global turnover.
How are Hayward Miller compliant?
Over the past year, we have made it our task to ensure the necessary steps are in place to protect personal data and to comply with the upcoming regulation. This has taken the efforts of all HML employees by putting processes and procedures in place to make sure we are meeting our legal obligations.
Below are some of the things we have done to ensure we are ready for the GDPR.
At Hayward Miller, we have always taken data protection seriously and we pride ourselves in taking proactive steps in ensuring your data is secure. All data is processed by Hayward Miller staff in the UK and is not sold on to third parties. We only use your information when required and retain it for as long as it is needed to complete our work; when that requirement has been fulfilled, the information is deleted.
We are a Cyber Essentials certified business. This is a great way of showing that data protection is taken seriously. The Cyber Essentials certification demonstrates that we are addressing cyber security effectively and have implemented the necessary controls to protect against the most basic internet-based threats.
We have a Data Breach Response Policy in place. This states the processes involved in the event of a breach. Should there ever be a data breach or suspected data breach, our first priority will be to inform our clients immediately.
We also organise regular training on GDPR for all employees. This ensures that all Hayward Miller staff are aware of what the GDPR is and how it affects us, and that they follow the recently updated company procedures.
Remember, time is running out! Companies have until the beginning of May 2018 to ensure they are GDPR compliant. If you want to know more, visit the official EU General Data Protection Regulation webpage www.eugdpr.org.
If you would like to know how Hayward Miller became GDPR compliant, get in contact with us on 01842 821440 or take a look at our website www.haywardmiller.co.uk.
Written & Published by Georgia McGhee