Last week, news surrounding popular messaging service WhatsApp revealed the Facebook-owned platform received a fine of €225m for breaching GDPR guidelines. This is the second-highest fine for a GDPR breach in EU history.
Remind me, what is GDPR?
The General Data Protection Regulation (GDPR) is treated so seriously because it is all about the protection of your personal data. It stands as a universal standard for organisations that process personal data, such as your name, address, telephone number and social security information. Since the act was passed in 2018 by the EU, organisations have had to obtain correct consent from individuals about how they can access, use and share their data.
What are the risks if my business has a GDPR breach?
Companies like WhatsApp will always grab the headlines. However, even as a small business owner, you are responsible for abiding by the Data Protection Act. Failure to do so could result in fines in the tens of thousands of pounds. Additionally, having to inform your customers that you have had a breach could seriously damage your reputation.
How can I make sure my business is GDPR compliant?
The three main areas a business must get right are: consent, accountability and data processing conditions.
Any company that handles sensitive data is called a Data Controller. As a DC, you have a responsibility to make sure that data is stored securely and to carry out privacy impact assessments frequently to ensure this.
Fair data portability is all about processing data lawfully, fairly and in a transparent manner. This means you should only collect the minimum amount of data required and remember to properly dispose of idle data that is no longer being used.
Need further guidance?
We’d be happy to support your business in becoming GDPR compliant with our GDPR and Cyber Security Training. To find out more, don’t hesitate to get in touch by emailing firstname.lastname@example.org today.