The new General Data Protection Regulation (GDPR) comes into force on May 25th 2018. Despite this, many UK businesses are still confused as to how the GDPR will affect their business.
Following a recent Chip & PIN Solutions’ Twitter Poll, the results showed that 77% of businesses stated that they did not understand GDPR, or what it meant for their business. A recently published report highlighted that the figure could actually be as high as 89% of UK businesses who are confused about their responsibilities.
According to a statement by KPMG, with less than a month before GDPR becomes legislation, 54% of companies still feel that they aren’t ready. A large number of businesses admit they haven’t looked at the third parties they work with for possible issues around compliance either.
So what does the GDPR mean for you, and how will it affect your everyday business activities such as holding personal details and card payment processing?
Complete a data map and privacy notice
For companies with more than 250 employees, you’ll need a privacy notice. You’ll need to complete a data map of all the personal data you hold on customers and where it’s located, e.g. in a filing cabinet, an electronic database, or a secure payment portal. You must then record how long the data will be kept for (you’ll need to decide on the shortest time period possible), the date when you’ll delete it, and how you deleted it.
You’ll also need to list how you’ll protect your personal electronic data, e.g. secure systems, secure payment processing, secure email, encryption etc.
Contact your client base
You can no longer use automatic opt-in. Informed consent must be given before a person’s details are added to customer databases and mailing lists. If you have inactive customers who have not been in contact for a long period of time, you’ll need to contact them and ask them to opt in again before you can keep their details.
It would be beneficial for you to find a way of automating this for future customers who become inactive.
Be able to delete personal data
A customer can ask to be forgotten under the new rules. How easy would it be for you to delete every record, document, and email you hold on a person right now?
Are you holding identifiable credit or debit card information? You need a way to ensure this is securely destroyed.
You can find out more about GDPR with this up-to-date guide on the Information Commissioner’s website.