Prepare for GDPR to minimise your risk of fines
Time is running out for GDPR compliance
With less than six months to go until the General Data Protection Regulation (GDPR) comes into effect, every European business that holds customer information will be carefully reviewing its processes for obtaining, storing and using customer data.
Moreover, GDPR’s maximum fine is set at a staggering 20 million Euros, or 4 per cent of global turnover, whichever is higher. Therefore, compliance is imperative. Businesses should implement risk management strategies now to avoid these potentially crippling penalties.
What you need to know about GDPR consent
Simon Gubbins, Managing Director at Robison, said: “Much of GDPR mirrors the existing Data Protection Act. However, there are key differences you need to plan for.
Higher standards for consent
Under GDPR, individuals must opt in whenever data is collected. Consent must be:
Clearly separate from other terms and conditions
Easily withdrawn at any time
Supported by concise privacy notices
You must review how your organisation seeks and records consent, and ensure that existing consents meet these new standards.
Building on your best practice
If you were in full compliance with the Data Protection Act, you can view GDPR as a way to enhance your data protection culture. Nevertheless, you must:
Update your privacy notices for clarity
Train key decision makers on the new consent requirements
Audit existing data-collection methods
Above all, communicate your compliance strategy clearly across all departments.
How Robison & Co can help
For a complimentary assessment of your data protection risk and pragmatic risk-reduction recommendations tailored to your business, please get in touch to arrange an appointment with one of Robison’s Risk Management specialists today.