GDPR: A step by step guide to help your business comply

Recent scandals have brought data protection to the attention of the wider public, and studies show customers have significant concerns about the way businesses use and store their data. GDPR is the new EU legislation that replaces the 1998 Data Protection Act. GDPR provides greater protection, transparency, and accountability of consumer data. It came into effect in May 2018 and impacts all businesses that operate in the European Economic Area.

Is GDPR bad for my business?

GDPR isn’t bad for business. It offers an opportunity for businesses and companies to show customers how much they value their data and that they can be trusted with it. Trust is a huge part of a business and customer relationship, so use GDPR to help your business succeed.

What do businesses need to do?

New regulations can sometimes feel overwhelming with the threat of fines for failing to comply with new rules. Below is a handy six-step guide to help your business comply with GDPR:

1. Know the law has changed and check your records

The first step is simply being aware of the changes in the law and keeping up-to-date records of personal data you hold on customers, staff, and suppliers.

2. Be clear on why you hold personal data and how you use it

The new law is clear and provides six reasons you can use to justify holding personal data. The ICO (UK Information Commissioner's Office) lists these reasons on its website. You must keep a record of how you use the data and which reason you have employed.

3. Be ready for people asking about their personal data

The public has seven rights over the personal data you possess about them. You should have a process in place to deal with data requests:

• Right to be informed
• Right of access
• Right to rectification
• Right to erasure
• Right to restriction of processing
• Right to data portability
• Right to object

4. Inform people you collect their data

Update your Privacy Policy to clearly inform people why you collect personal data and how you use it.

5. Keep data secure and destroy personal data you can’t justify keeping

Both digital and paper copies of data need to be kept secure. Encrypt your digital files and dispose of personal data that you can’t justify keeping by using a hard drive destruction service.

6. Don’t panic

It may seem like GDPR has created a new hurdle for your business to overcome, with the threat of fines if you don’t comply. But don’t panic: the UK Information Commissioner's Office can help by offering you advice, and software such as Blancco can be used to safely destroy data without shredding or incinerating your hard drives.