What exactly is the GDPR? Well, to be honest, it’s going to be a rather large pain for any company collecting personal data. Why is it such a pain? You’re going to have to do more work. Gone are the days when you simply collected data and made a half-hearted attempt to protect it. Most of the time, security or data protection was really nothing more than an add-on. You’ll now have to constantly think about data protection and how it affects you, your organisation and the individuals whose data you collect.

If you collect any data that can be used to identify an individual, you need to protect it from others. This applies not only to electronic files but to paper-based files as well. Just because you have data stuck in a filing cabinet doesn’t mean you don’t have to protect it! Keep in mind that more than 25 per cent of data breaches happen with paper-based files.

The GDPR has changed a few rules and tightened up others. For example, you need a legal or business reason for collecting personal data, you must get explicit consent to collect data and you can use the data only for the specific reason for which it has been collected. In other words, you can’t take existing data and pass it on to someone else, or use it for a completely different reason. Say a client places an order: you can use the personal data only to fill that order. You can’t then use the same data to send them a promotional letter by email if they never gave you specific permission for that.

There are lots of things you’re going to need to do. Look at all the types of data you collect and see whether it’s personal. Then think about how you’re going to protect this data and what security will have to be put in place.

