usinesses, but by companies across the globe, including Australian businesses. You must therefore take steps to ensure that your business is ready for it. So, what exactly is the GDPR, and what does it mean for you?
General Data Protection Regulation made simple
Data protection legislation began long before internet use became so widespread. While it has, to an extent, evolved to meet the ever-changing digital landscape, the existing rules and regulations do not adequately cover the challenges presented by the global sharing of data, which is why reform has become so necessary.
The GDPR was designed to simplify existing regulations and to provide a framework with clear standards for global data sharing. Under the GDPR, all businesses, however large or small, must think seriously about how they collect, use and store data. The point of the GDPR is to:
- Unify and streamline existing data protection regulations
- Make it easier for businesses to trade within the EU by following this simplified data protection regulation
- Give back control of personal data to individuals and the public. Crucially, the individual must be allowed to be forgotten – a concept which we discuss further below.
You need to comply with this regulation if you sell to and store personal information about customers within the EU. This means that you don't have to have an actual business in the EU to be bound by this new legislation. If you offer goods and services to EU citizens and residents, monitor their behaviour or collect their data, this regulation is going to affect you.
What kinds of businesses will be affected?
The GDPR will affect large businesses and small businesses differently in several ways.
Firstly, businesses with 250 or more employees must employ a Data Protection Officer, or DPO, to guarantee responsible data collection and storage.
Businesses with under 250 employees will still be affected if:
- the data processing puts the rights and freedoms of the subjects at any risk
- the data processed meets certain criteria, as per the GDPR Article 9
- the data processing is more than occasional
All businesses, regardless of size, must swiftly report any breaches or failures. Infringements under the GDPR are likely to result in far more stringent financial penalties than previously.
Whatever size your business is, you're going to need to have the right procedures in place to handle these changes.
What is 'personal data'?
The GDPR definition of personal data is essentially any information which relates to an identified or identifiable person. This means anything from photographs to ID numbers, and email addresses to locations. It will also include online markers such as cookies and IP addresses.
Consent to holding data
To hold data, companies must be able to show the individual consented to this data being held. It must also be clear that the individual knew what they were consenting to.
Also, individuals must be allowed to be forgotten. That is, they must be able to withdraw consent for the company to hold that data.
How can Office Solutions IT help?
By streamlining and simplifying regulations, GDPR will make it easier for companies to conduct business throughout the EU, and individuals will have more confidence in engaging with them.
Here at Office Solutions IT, we understand that you will have concerns as to how GDPR applies to you specifically – and whether you are compliant. We can talk you through GDPR in detail and audit your IT security to ensure that your business complies.
For more information about the GDPR, please see the official website.
Office Solutions IT offers IT services to businesses throughout Australia and has an experienced team waiting to help you improve your IT systems and processes.