Were you ready for the GDPR? If not, don’t worry – help is here!
I am going to share 10 useful resources for the GDPR – the new, European-wide law that replaces the Data Protection Act 1998 in the UK.
1. Get peace of mind by listening to Elizabeth Denham – the Information Commissioner for the Information Commissioner’s Office (ICO).
Listen to what she had to say when the GDPR came into force on the 25th May 2018. Her message is simple and reassuring for those businesses that weren’t ready for the deadline. The ICO is the UK’s independent authority set up to uphold information rights in the public interest, promoting openness by public bodies and data privacy for individuals. The ICO will enforce the GDPR.
- Watch the video to help put your mind at rest
- Find out more about the ICO – how will they enforce the new GDPR?
2. The Seven key principles.
The GDPR sets out seven key principles. These principles should lie at the heart of your approach to processing personal data.
The principles are:
- Lawfulness, fairness and transparency.
- Purpose limitation.
- Data minimisation.
- Storage limitation.
- Integrity and confidentiality (security).
3. How to report a data breach.
You need to know what to do if there is a data breach within your organisation. A personal data breach means a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorised disclosure of, or access to, personal data.
4. The fines!
If you own a business and there is a data breach which isn’t handled correctly you could face extortionate fines.
The GDPR administrative fines are discretionary rather than mandatory. They must be imposed on a case-by-case basis.
There are two tiers of administrative fines that can be levied:
- Up to €10 million, or 2% annual global turnover – whichever is higher.
- Up to €20 million, or 4% annual global turnover – whichever is higher.
The fines are based on the specific articles of the regulation that the organisation has breached. Infringements of the organisation’s obligations, including data security breaches, will be subject to the lower level, whereas infringements of an individual’s privacy rights will be subject to the higher level.
5. The data protection horizon.
There are more data protection changes on the horizon, one of those being the new Data Protection Bill going through parliament at the moment. The new Bill will need to be read alongside the GDPR. Unfortunately, you can’t sit back and relax even if you have ticked all the GDPR compliance boxes. You need to keep up to date with any changes.
6. The GDPR self-assessment checklists.
The ICO has created self-assessment checklists for both data controllers and data processors. Use their checklists to assess your high-level compliance with data protection legislation and to find out what more you need to do to make sure you are keeping people’s personal data secure.
7. Lawful basis interactive guidance tool.
The ICO has produced a lawful basis interactive tool to give tailored guidance on which lawful basis is likely to be most appropriate for your processing activities. It will give a rating for each lawful basis based on your answers to key questions with suggested actions and links to relevant guidance.
8. The ICO Live Chat!
Do you feel like you need to speak to someone about the GDPR? Live Chat allows you to have an online conversation with someone at the ICO.
The Live Chat service is usually available 9am-5pm Monday to Friday (excluding bank holidays). Outside of those times, you can call the ICO on 0303 123 1113.
- Join the ICO live chat
9. The GDPR – the new data regulations and your website
When a website owner collects information about a person, for example, email addresses or contact details – the website owner becomes exposed to a potential data breach. A website owner needs to know what data is being captured and stored on their website and what is being done with that data. Most importantly of all, does the website owner have permission to store that information?
We have created a checklist for a website owner to make sure they are compliant with the GDPR.
- Read our article: The GDPR – new data protection regulations and your website
10. Use Google Tag Manager and Iubenda to adopt the cookie law requirements in line with the GDPR.
Google Tag Manager is a tag management system that allows you to quickly and easily update tags and code snippets on your website or mobile app.
Once the Tag Manager snippet has been added to your website or mobile app, you can configure tags via a web-based user interface without having to alter and deploy additional code. This reduces errors and frees you from having to involve a developer whenever you need to make changes. You can use it to add tags to your website upon certain conditions, for example, user consent.
- Set up Google Tag Manager
- How to configure Google Tag Manager and implement it on your website
If you need help with anything in that article, feel free to get in touch and we can discuss how I can help.
The best bit of advice I can give you about data is – if you don’t need it, don’t keep it!
I hope you found this article useful. I will be following the developments in data protection laws, keeping you updated and informed of any important information. If you have any comments or have found some other interesting resources that you think are worth sharing, contact us today or leave a comment below – I would love to hear from you.