
Restore Records Management News

Published on 03 September 2017

GDPR: just a numbers game?

By now, we’ve all seen the big numbers that are swirling round in relation to the new data protection regulations from the EU – and, very likely, the UK’s own Data Protection Bill – which will come into practice from May next year. Numbers related to the oft-cited fines, bytes of data, pieces of paper, hectares of archive space, amount of investment required to implement change, years off your life worrying about it…

At the other end of the scale there are some similarly impressive numbers that reveal how prepared businesses and organisations are, given that there are now just nine months before GDPR Day (check out the counter at restore.co.uk/GDPR.aspx). From the figures, it would seem that there are some companies that aren’t worried enough. Yet.

6%: percentage of businesses that are fully prepared for GDPR

32%: size of the group that is either still thinking about it or has done nothing at all in preparation

AIIM Insight Report – May 2017 (Survey asked members of its 193,000-strong community, a community one would expect to be compliance savvy.)

10%: size of public sector organisation group that feels totally confident in their preparations for the new legislation

50%: proportion of public sector IT and business decision makers who didn’t know whether they’d meet the 2018 deadline.

Cloud Industry Forum Survey – May 2017

As if that weren’t enough numbers talk, there are 13 main talking points from the maze of GDPR legislation that affect the vast majority of businesses. Whether you make that Lucky 13 or Unlucky 13 is up to your company’s governance, collaborative capacity – human and technological – as well as making sure you work with compliant suppliers.  

The 13 talking points

1 If your business is not in the EU you will nevertheless have to comply with the regulation. Even more so since the UK government is set to mirror these regulations in a new Data Protection Bill.

2 The definition of personal data is broader, bringing more data under the umbrella of regulation

3 You will require explicit consent in order to process children’s data

4 You must know and adopt the changes to the rules of obtaining valid consent – from children and adults

5 Will it be mandatory to appoint a Data Protection Officer (DPO)? It will if you are a public sector organisation

6 Data controllers must carry out privacy impact assessments in high-risk areas of their organisation

7 New data breach notification requirements allow just 72 hours for a serious incident to be reported

8 Data subjects now have the ‘right to be forgotten’. When asked, can you prove you’ve erased ALL their data?

9 Beware the risks involved in transferring data to countries outside the EU

10 If you process other people’s data you will have new responsibilities to take into account

11 A data subject has the right to take all their information from one business to another and have proof in an electronic audit trail to show that it really is ‘all’ the data that’s been moved

12 Right from the point of concept, the principle of privacy must be built into all services or products – ‘privacy by design’

13 There’ll be just one supervisory body across all EU member states, a one-stop shop.

Don’t make it a game of chance

If you’re feeling mildly panicked at this stage by the implications of complications, we are here to say ‘Never fear!’ Here at Restore we too are subject to the new regulations – both as a business ourselves and as a trustworthy, responsible processor of other people’s data – and we’ve made sure we’re in that top 6% of business preparedness.

Our experienced team of business consultants and digital specialists are on hand to guide you through the potential impacts of the GDPR with a free health check, assessment, sets of guidelines, knowledge and expertise.

Find out at restore.co.uk/GDPR.aspx how we can help you turn what seems like a confusing, tricky numbers game into a round where you hold all the cards.

NEXT TIME: No DPO? So how do you know…

What’s in that archive box?

Are you an SME? It’s very likely you won’t have a DPO to help smooth the path for this new set of legislation. How can you keep on top of paper trails, email and mobile devices while collaborating with all departments and suppliers? We show you how – watch out for our next blog.

www.restore.co.uk/GDPR.aspx 
