When you first heard about the reach of the EU’s General Data Protection Regulation (GDPR), it may have sent a shudder through you or your IT department. Many firms weren’t set up to comply with a large set of new obligations, which is why so many have yet to make the necessary changes. The new laws, aimed at giving individuals more control over the way third parties handle and store data about them, came into force over six months ago. Large fines and penalties can be handed down to anyone falling foul of the rules.
The reason GDPR affects businesses so much is down to the way data is used in our day-to-day lives. Information Commissioner, Elizabeth Denham, explained: “Almost everything we do – keeping in touch with friends on social media, shopping online, exercising, driving, and even watching television – leaves a digital trail of personal data.”
The Information Commissioner’s Office (ICO) is the regulator enforcing adherence to the rules in the UK. Significant penalties can be levied, with fines of up to 4% of a company’s turnover or 20 million euros for breaches of the rules. In contrast, the former maximum fine under the 1998 Data Protection Act was £500,000.
Articles 15 and 20 of GDPR state that organisations must return information held on a user or customer within one month of a request. The research firm, Talend, found that only 35% of EU-based companies meet the obligation.
Talend conducted a study of 103 companies operating in Europe, which found that 76% of retailers failed to return information within the legal time limit. Financial services firms performed best but still only had a success rate of 50%.
With almost every type of modern business relying on customer relationship management (CRM) style software to manage their customer experiences, the way data is held and managed can be monitored and changed. This means there is no excuse for your company to fall foul of the GDPR rules, as you can take the actions needed to protect yourself and the data of your clients and customers.
It is easy to take advantage of an IT support system that offers proactive and responsive solutions, ensuring that your software, working processes, and systems are set up to be compliant with all the necessary regulations that might apply to you, not only GDPR.
We can ensure that you never need to worry about facing a penalty from the ICO. Contact us for more details.