If you’re heading along to Social Talent’s GDPR meetup on Wednesday evening, make sure you’re prepared! Our panel of industry experts includes Alan Mac Kenna from Fort Privacy, one of Ireland’s leading experts on data protection, as well as Roderick Smyth, Chief Strategy & Product Officer of Erecruit. The panel will be chaired by Social Talent’s own Holly Fawcett, and is bound to be an enlightening discussion about the effects of GDPR for your business.
So, what’s it all about?
Changes in regulation relating to individual data privacy can be intimidating for businesses. In May 2018, new data protection regulations (GDPR) will be implemented, and will ultimately affect every individual citizen of the European Union. These changes will align EU data practices with those already implemented in Canada, Australia, and Germany. A full understanding of the effects is key for businesses dealing with personal data on a day-to-day basis.
WHAT IS GDPR?
General Data Protection Regulation relates to the protection of stored and collected data. At a glance, GDPR places additional responsibility on businesses to not only comply with new rules but to swiftly report potential breaches. The burden of responsibility will fall to companies, and the collection and storing of data that can easily identify an individual will require explicit consent from that individual.
WHAT IS A BREACH?
Potential breaches should be reported to the ICO as soon as possible, so it is essential to understand what constitutes a breach. Activity relating to third-party access, harmful action (whether deliberate or accidental), sending data to an unauthorised third party, the loss or theft of computers which may contain sensitive data, and changes made without due cause are some of the factors that are essential to report. Has data been lost, destroyed, corrupted or inappropriately altered? This may be a breach, and it’s important to act fast.
Breaking these new rules has potentially critical impacts, not only for the individual but for businesses too. Failure to respond swiftly and appropriately could result in a fine of up to €10 million, or 2% of global turnover.
HOW CAN WE AVOID IT?
It is of paramount importance that GDPR is understood by everybody responsible for the collection and storing of personal data. Whether your company invites an external expert to educate relevant employees on the changes, or an individual within the company is appointed as a GDPR officer, it is important to be prepared. With a little over two months to go until the implementation of these new rules, what can your business do to ensure compliance and avoid unnecessary confusion?
Know the law
Companies will need to make a special effort to understand and implement a plan of action to ensure the chances of breaches are minimal to none. It is essential to communicate the day-to-day impact of the new rules to responsible parties, while avoiding jargon or any potential confusion. If your company does not know the law, and the everyday impact of it, then the risk of a breach increases. A handy overview is available from the Information Commissioner’s Office website.
Prepare a response plan
Whether this involves appointing an individual responsible for dealing with breaches, or taking a wider shared responsibility approach to the new rules, it is of the utmost importance that all potential breaches are responded to swiftly. These new rules mean that any potential breach must be reported to the ICO within 72 hours. This report does not need to be comprehensive, and it is ultimately better to err on the side of caution with this.
Understand the rights of the individual
GDPR protects the rights of the individual in a myriad of ways. These rights include the right to be informed, the right to access, the right to rectification if data is incomplete or incorrect, and the right to object to the unlawful use of data for profiling, among others. It is in the best interest of the business to place the rights of the individual above all other concerns, and a comprehensive list of these rights, with explanations, is available here.
If there are 100 businesses, then there are 100 different preparation methods. It is in the best interest of all parties to be open to communication and the sharing of new ideas across relevant industries. GDPR will substantially impact every individual within the EU, and it is therefore essential that the conversation reflects the diversity of business and personal practices. If you would like to hear from leading industry experts about the best way to prepare for these new laws, and what they will mean for your business, you can attend Social Talent’s GDPR meetup on Wednesday, March 21st.