What GDPR means for companies

Unless you’ve been living under a rock for the last year, you’ll have inevitably heard the acronym ‘GDPR‘ in the workplace, seen it in the papers, on the news, and most certainly in the emails flooding your inbox left, right and centre. 

The new General Data Protection Regulations (GDPR) officially came into effect on 25th May 2018, building upon the existing legislation found in the Data Protection Act. The purpose of the new law? To put the power back into the individual’s hands when it comes to the storage and handling of their personal data.

Who does GDPR impact?

Every established business in the EU will need to ensure they are compliant with the new regulations. 

That’s regardless of Brexit… 

To put it even more transparently, if you offer goods or services to citizens within the EU, across all and any industries, you will need to be responsible for ensuring that you’re collecting, storing and using personal data in the line with the legislation.

The impact may be bigger for some companies than others, but don’t ignore it. 

The new rules come with some harsh penalties for those who do not comply. Fines to the ICO can be up to £20 million or 4% of global turnover (whichever is highest) – though they have already stated that fines will be proportionate and reasonable depending  on the actions taken by the organisation.

What do the rules state then?

There’s a hell a lot of information out there, and often it’s confusing and a little bit mind-boggling. We’ve created a guide that covers the policies in the new GDPR in a brief and easy-to-digest format. Download it and pass it around to any colleagues who might need it. GDPR isn’t just an issue for your IT team – getting into a good habit of data handling is the responsibility of everyone in the company.