The General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018, creating a new benchmark for data law around the world. Find out what you need to do to make your business data compliant.
The General Data Protection Regulation (GDPR) will change the way we store and share data forever. It not only gives greater transparency to individuals; it also forces businesses to report in more detail should there be a data breach.
GDPR is not an opt-in policy. Non-compliance can result in heavy fines for businesses, large and small, that do not have the right measures and tools in place. Fines can amount to four per cent of your global turnover, or sanctions of up to £17m.
Are you prepared yet? Here we take a look at what you need to do to be GDPR ready by the 25th May deadline.
Step 1: Know what GDPR entails
The GDPR is a major change in data security and something all businesses need to take seriously and act upon. The first thing you need to do is find out what is required of you under the new rules.
Step 2: Audit all personal data
Under the terms of GDPR, ‘personal data’ is any information stored by your business that relates to the identity of any living individual. These records may be stored electronically, on a hard drive or in the cloud, or in paper form. Regardless of their location, your business needs to be aware of what personal records are held, who has access to them and why they are being held.
Step 3: Review data storage policies
GDPR is forcing your business to review and redefine data policies, from how you record to how you store personal data within your business. The content and structure of this policy will vary depending upon the requirements of your business. Whether you are storing digitally or in paper form, security will need to be a key factor of your policy.
If there is to be large-scale processing of personal records, then it may well be necessary to appoint a Data Protection Officer (DPO). Their role will be to regularly monitor the data processes and check whether they adhere to the compliance regulations.
Step 4: Updating Client Data
If you are to continue to store the personal data of clients, you will need to communicate with them and have signed documentation that they adhere to new privacy notices. They will need to know how this information is stored and why. More importantly, clients will also need to be fully aware of their rights with regard to how they can access this stored data, so they can check whether it is accurate or relevant to the relationship you have with them.
Step 5: Are you covered?
Along with meeting the requirements of GDPR, it is also vital that you are aware of the consequences of failing to comply, such as regulatory fines from the ICO or compensation claims from individuals arising from an actual data protection breach. Not only should you check your current insurance policies with regard to claims, but you should also look to put better provisions in place should the worst happen.
Step 6: Demonstrating compliance to GDPR
Once your business is GDPR compliant, a new principle of the directive is that companies need to be able to demonstrate how they meet data protection principles. This will primarily be the role of the Controller within your organisation, but Processors will also need to be familiar with the various steps needed to meet the needs of GDPR. As a result, training and refresher courses should become a mandatory part of business life.
These new rules cover not only what you need to do in terms of meeting the new directive, but also in staying current once it is introduced. Speak to your legal team or a legal advisor about what GDPR means for your business and elicit their help in drawing up company-wide plans.
How Sharp can help you comply with GDPR
Sharp’s comprehensive security offering, combining device management, output management and document management solutions with our strong heritage in technical consultancy can help your business towards GDPR compliance.
One aspect of GDPR is considering who has access to personal data. Sharp’s Cloud Portal Office data storage and sharing service protects data with secure access via a log-in and password, includes version tracking of documents so that you have a record of when documents were accessed or altered and by whom, and provides data retention management to make sure you keep data only for the amount of time that you need it.
Sharp multi-function printers (MFP) offer secure access too. Access can be restricted via user number (PIN) or login name and password combination. All user credentials are communicated to the MFP using a combination of secure protocols to help avoid interception.
Whether scanning, printing, or emailing, protection for sensitive documents comes as standard, thanks to Sharp’s RSA encrypted Adobe PDF files and use of SSL/TLS protocols and S/MIME email encryption for secure email communications. The optional Data Security Kit also eliminates residual data by overwriting it up to 10 times.
Pull printing also helps to prevent sensitive data sitting in the printer tray. It is common that printed documents are left unattended. In recent research that Sharp carried out with 6,000 office workers across Europe, 55 per cent of people said that their colleagues leave their documents in the output tray. Pull printing or Follow Me printing is a feature where the documents you have printed are held on a server in a secure queue (server-based pull printing) or on your PC (serverless pull printing) until you press a button on a connected device.
If you would like to know more about how Sharp can help you implement and meet the needs of GDPR within your business, please Get In Touch.