Ciara Lucy, Managing Director of Spearline Risk & Compliance, explains what GDPR will mean for local businesses.
The General Data Protection Regulation (GDPR) is a new piece of EU legislation coming into effect on 25 May 2018 which will prioritise the rights of the citizen and how their data is used. Data is simply a piece of information. We give information about ourselves to other people several times every day to pay bills, to book restaurants, to order pizza, to make travel arrangements and for so many other transactions.
The last time the legislation regarding data was reviewed was in the early 2000s. Technology and the way we use the internet have moved on considerably since then. Social media was not in widespread use and we did not regularly use the internet through our smartphones. Now we trust websites and apps to safeguard our information and the people who run them to use our data in responsible ways. The EU recognises the change in our use of data and has updated the law to ensure organisations are bound by legal responsibilities to respect the rights of its citizens. If organisations do not comply with the new legislation they are liable to face a fine of €20 million or four per cent of their annual turnover.
Naturally, this creates a new need within all organisations to be aware of GDPR and make sure that all their employees and suppliers who have access to data are upholding the law. While GDPR is simple in itself, it can be quite a mountain for an organisation to take the time to consider what they need to implement so as to be ready for the GDPR deadline of May 25th. The new legislation puts the responsibility on organisations to be vigilant with their use and care of data, and they will be required to prove to the Data Protection Commissioner that they are compliant should they be audited or reported.
For local businesses there are simple steps that can be taken to help them get ready for May 25. One of these is a Data Mapping exercise. This involves a self-audit of your business to analyse every single occasion on which you deal with data. While undertaking this process, consider whether a data breach could occur and how you can take steps to protect against it. If you document every part of the exercise you should end up with a catalogue of data use in your business, the situations where you are vulnerable to data breaches and, most importantly, the measures you are implementing to protect against data breaches.
These measures could be as common sense as locking the filing cabinet, putting passwords on computers and having a ‘clean desk policy’ in the office so that data isn’t hanging around. The use of data is different in every business and can depend on the nature and volume of clients, customers, suppliers and members you have as well as outside organisations you need to supply with your data in order to conduct business.
The team at Spearline Risk & Compliance will run a free GDPR Workshop for local businesses in conjunction with Skibbereen and District Chamber of Commerce at 6.30pm, Tuesday 17 April at the West Cork Hotel. To book your free place email
Ciara Lucy is the Managing Director of Spearline Risk & Compliance – a part of the award-winning software company Spearline, based in Skibbereen. Spearline Risk & Compliance has developed a data protection software solution, Spearline Data Protection, which supports organisations in their GDPR compliance journey.