Preparing for GDPR is going to be one of the most important changes your law firm puts into place over the next year, but how ready are you? Although the process need not be taxing with the right help and guidance, some organisations are still struggling to meet the bar. In fact, according to a report carried out by Blancco Technology Group, UK firms are four times more likely not to allocate any budget to GDPR than their counterparts in the US, Spain and France.
However, noncompliance could prove the end of many UK businesses, with fines of up to €20 million, or 4% of annual revenue (whichever is higher). For a lot of businesses, this could equate to bankruptcy.
On a more positive note, GDPR awareness is high. UK businesses know when the regulation will be implemented, but their understanding of its implications and impact upon their own organisations is more limited. This is understandable, as new announcements and updates from the ICO seem to be getting more and more stringent.
Data protection seems to have taken a back seat for a substantial number of UK businesses. The Blancco Technology report found that the majority of UK IT professionals were relying on insecure and unreliable data removal methods, to name just one of their downfalls.
Under GDPR, data protection must cover proper disposal of information. This means making sure that no data is accessible to outside agencies once it is no longer being used. In addition, all data must be kept accurate and up-to-date.
Individuals’ rights also play a big part in the new regulation. It is advisable, therefore, to update all your permissions from individuals to ensure that all the new rights are covered. Information on individuals’ rights, and all other aspects of the regulation, can be found on the Information Commissioner’s Office website.
GDPR After Brexit
There is reason to believe that the UK leaving the EU could be playing a part in what could be construed as a ‘lax’ attitude towards the GDPR regulation. Some businesses allocate no part of their budget to preparing for GDPR because they assume that, following Brexit, it will no longer apply to them.
This demonstrates a misunderstanding of the legality of GDPR. The UK government has stated that although the UK will not be directly under the jurisdiction of the GDPR, the Information Commissioner’s Office will be implementing identical rules in order to ensure that business between the UK and Europe can continue to be carried out smoothly.
Preparing for GDPR should first involve an analysis of your client base so that you are aware of all EU citizen information within your data. Once this has been done, the next steps towards adequately protecting that data, including disposing of it correctly, should be implemented. All third parties who have access to this information should also be assessed to ensure that they too meet all data protection standards.
Preparing For GDPR – Getting Ready
GDPR comes into play in May 2018, giving a tight timeframe within which to prepare your chambers. The advice is to approach it methodically, establishing your company’s areas of weakness and ensuring you are aware of all data you have stored. The most important tasks to consider at this point are:
- Ensuring you are aware of all EU citizen data stored within your system
- Ensuring all data you have stored is accurate and up-to-date
- Updating permissions given by clients with regard to the processing of their data
- Implementing a data protection governance framework
- Documenting processes
- Determining whether a data protection officer would be beneficial to your company
- Implementing formal policies and accountability controls
Preparing for GDPR can be easier with help. CBSIT can help your organisation navigate the new legislation and methodically implement the necessary changes. For guidance and direct assistance, contact CBSIT today.