Securing your Platform: Everything you Need to Know About Preparing for GDPR

The General Data Protection Regulation (GDPR) revamp is coming on May 25 - what do you need to do to be prepared?

  • 12 Feb 2018
  • Business, Advice, Security

It wouldn't be an overstatement to say that the General Data Protection Regulation (GDPR) is easily the largest revamp applied to data protection laws since their creation in the 1990s.

In the 1990s, cookies were nothing more than the ideal accompaniment to an ice-cold glass of milk, and instead of googling we were all yahooing or asking Jeeves. It surprises precisely no one that processes developed more than 20 years ago have been failing to keep up with the increasingly complex demands of modern life. Although GDPR will, of course, require businesses to make alterations, the apocalypse is NOT coming and there's nothing to fear.

So, if you have happened across any articles proclaiming every potentially negative consequence GDPR could bring when it comes into effect on May 25, it's safe to say you can file those under 'scaremongering - ignore' and never look at them again.

Alright, so what exactly is GDPR?

GDPR has been 4 years in the making and will demonstrably alter the ways businesses handle and process data. This new mutually agreed European framework will replace the 1995 data protection directive and has been designed to provide increased rights and protection for individuals while simultaneously 'harmonising' the data privacy laws across European countries.

The growth of the digital economy really, really needs consumer trust, and giving consumers some autonomy over how their information is used is obviously a good start.

I thought we already had laws covering data protection?

You're right! Currently, every EU member state has its own laws which operate under the 1995 data protection directive. In the UK, this is the 1998 Data Protection Act which covers how the Government, businesses, and other organisations can use personal information.

As the GDPR will alter the usage of personal data, the UK Government has published its plans for a new Data Protection Bill which broadly covers everything in the GDPR but with a few minor alterations. This still needs to pass through the Commons and the Lords but once complete it will become law and won't be affected by Brexit.

Ch-ch-ch-changes: 9 Steps to GDPR Preparation

  1. Ensure that key figures and decision makers are aware of GDPR and understand its implications.
  2. Clearly document the personal data your business holds, how you obtained it, and who it is shared with.
  3. Review your privacy policy and implement any required alterations.
  4. Ensure procedures align with the new rights afforded to consumers and that you clearly understand how you would permanently remove records from your database.
  5. Develop procedures for the appropriate response to access requests within specific timeframes.
  6. Make sure your processing activities have a lawful basis and explain this in your privacy notice.
  7. Ensure you have solid procedures in place in the event of a data breach.
  8. Think of the children. Will you need to introduce systems to verify the age of your audience?
  9. Appoint a Data Protection Officer or other individual to take responsibility for compliance.

The GDPR will apply to every business or organisation handling the personal data of any EU citizens and contains 99 separate articles. If you'd like to have us on board to help you iron out any GDPR-related creases, just give us a shout!