GDPR – General Data Protection Regulations
There has been a lot of noise in the press lately over GDPR and it has gotten quite a lot of people in panic.
So many people and businesses have misunderstood and think that GDPR is a new thing, its not. Every one has heard of the Data Protection Act, well this is just an extension of that and GDPR has been around since 2016. The EU had given a grace period for all businesses to get their information together and ensure that they are meeting the legislations requirements of protecting customers and staff’s data and that certain procedures in place. The grace period ended in May 2018.
Its not anything to be afraid of, as you should as a good business owner be thinking about the way you safeguard your customers or staff records already. Whether you keep those records in digital or paper form, you need to think about how you will keep that information confidential and stop it getting in to unauthorised hands.
“If you are a new business, your responsibility under GDPR starts immediately”.
Any records on staff or customers that are kept in paper form, whether that’s in a binder or filing cabinet, should at the bear minimum be kept in a lockable cabinet, ideally in a lockable room or office.
If those records are kept on a computer, then you have to ensure that you use good strong passwords to access the computer and passwords to the software or website that those records re kept on, should also be strong. If you write down your passwords in a password book, then ensure that the book is locked away when not in use. you also have to ensure that you keep your computers software up to date with the latest virus and malware protection.
The Information Commissioners Office (ICO) has a lot of information to help you understand your responsibilities as a business owner and employer.
Check out their website at www.ico.org.uk