A Guide to GDPR and Your Data
If you’re upgrading your office technology, you’ll need to know how to protect your hardware and data, and our guide to GDPR can help you there. This post should serve as a quick reminder of any elements of GDPR that you might have forgotten. If you are confused about any element of GDPR, you should read the government’s official document thoroughly.
What is GDPR?
GDPR stands for General Data Protection Regulations and is a set of laws implemented in the UK to ensure that important data is reliably protected. One aim of GDPR is to ensure that organisations are clear to individuals about how their data will be used (before the individual is required to give their data), but it also asks businesses to ensure that the data they do keep is maintained and up to date.
Importantly, GDPR also requires data to be protected against unauthorised and unlawful processing, accidental loss, destruction or damage.
What Kind of Data Does GDPR Apply To?
GDPR applies to personal data. Personal data is any data that can be used to identify an individual. Examples of personal data include but aren’t restricted to the following: name, location data, online identifiers.
All businesses possess this kind of information about their staff, and many will also retain personal data on their clients and customers, too. This means that without regulations a business could amass a lot of personal data on a lot of people, making them susceptible to hacking attempts.
Who Does GDPR Apply To?
Anyone who works within the EU, or has reason to collect information on people in the EU (for trading or as customers), needs to understand GDPR. GDPR is in place to protect EU citizens, so it is relevant for all those who deal with personal data belonging to EU citizens.
How Long Will GDPR Be For?
GDPR was implemented on May 25th, 2018, and in the interest of protecting the data of the British public, there are no signs that it will be stopped anytime soon.
Why Do We Have GDPR?
GDPR exists to protect the privacy and data of EU citizens, but it also exists to prevent the clutter of data that has been accumulating worldwide. Information does not exist purely digitally; all stored information is contained, somewhere, in a physical server. To save all of our data, we need to build more servers, which will use more energy and space to stay active.
While the primary purpose of GDPR is to encourage better privacy regulations to protect EU citizens, restricting the storage of data to prevent cluttering is also important. By getting rid of unnecessary information, it will be easier to find relevant files in the future.
What Happens If My Data Is Breached?
Data breaches are frequent, and are sometimes an accident caused by a company’s own staff, so it will save time if you work now to understand GDPR and how you are expected to respond in the event of a breach.
In the case of a data breach, those responsible for maintaining the data need to notify a supervisory authority within 72 hours, as well as all those whose data is involved. In the case of legal trouble later down the line, we recommend keeping a record of all those whom you notify in the 72 hours to show that you have been proactive in dealing with the breach as best you can.
What Fines Could I Suffer for Failing to Meet GDPR?
Worldwide, fines that are taken as a result of GDPR are expected to meet approximately 2-4% of the world’s annual turnover. However, not all GDPR infringements will result in fines; companies failing to meet regulations may also receive warnings and reprimands, bans on data processing, orders to erase data and even the suspension of data transfers.
If you’ve realised that you have more to learn regarding GDPR, you should consult the government’s official document. When disposing of company technology that has stored data regarding your staff or clients, you need to ensure that the data contained within it is unrecoverable to comply with GDPR. We can offer GDPR-compliant data destruction services, so talk to us about your technology today!