GDPR Compliancy: Is Your Business Breaching Data Protection?

IT News

Last week, news surrounding popular messaging service WhatsApp revealed the Facebook-owned platform received a fine of €225m for breaching GDPR guidelines. This is the second-highest fine for a GDPR breach in EU history.

Remind me, what is GDPR?

The General Data Protection Regulation (GDPR) is treated with such severity because it is all about the protection of your personal data. It stands as a universal standard for organisations that process personal data, such as your name, address, telephone number and social security information. Since the act was passed in 2018 by the EU, organisations must obtain proper consent from the individual covering how they may access, use and share that person's data.

What are the risks if my business has a GDPR breach?

Companies like WhatsApp will always grab the headlines. However, even as a small business owner, you are responsible for abiding by the Data Protection Act. Failure to do so could see fines in the tens of thousands of pounds. Additionally, having to inform your customers that you have had a breach could do serious damage to your reputation.

How can I make sure my business is GDPR compliant?

The three main areas a business must get right are: consent, accountability and data processing conditions.

Consent
Organisations now require written consent from the individual, obtained using clear and accessible language, in order to process their data. For example, you will usually be asked for consent to use cookies when you visit a website for the first time. It is important to make sure your consent forms are up to date and abide by the current regulations.

Accountability
Any company that handles sensitive data is called a Data Controller. As a Data Controller, you have a responsibility to make sure that data is stored securely and to carry out privacy impact assessments frequently to confirm that it is.

Processing Conditions
Fair data portability is all about processing data lawfully, fairly and in a transparent manner. This means you should only collect the minimum amount of data required and remember to properly dispose of idle data that is no longer being used.

Need further guidance?

We’d be happy to support your business in becoming GDPR compliant with our GDPR and Cyber Security Training. To find out more, don’t hesitate to get in touch by emailing education@bcs365.co.uk today.
