If you are a business based in the EU, or you store the personal details of EU citizens, then you need to comply. It's that simple: be GDPR compliant.
So, everyone is talking about it, just google GDPR and watch your browser explode. But what does it really mean?
Thinking that the GDPR is not something your business needs to consider is your first mistake!
GDPR applies to EU and non-EU companies, so thinking it’s not your issue will be a costly mistake.
Thinking that the GDPR is not your issue because your organisation doesn’t have a presence in Europe? Well, think again! If you offer any products or services to the European market, or if you collect data on European citizens, the new privacy rules apply to you!
Privacy by design & by default are legal requirements!
The times when privacy was an afterthought are gone forever. These new principles require that you integrate privacy requirements into the design of new products and services, and that you process the minimum amount of personal data necessary to achieve a specific purpose or outcome. Moreover, you need to keep the people you collect information about informed, and keep that information accurate and current. You MUST also make sure they know their rights!
Companies must hire a data protection officer and need an EU Representative!
Companies whose core activity entails regular and systematic collection of personal data on a large scale, as well as firms that handle sensitive data, must hire a data protection officer. This requirement also applies to any public authorities or bodies.
Data breach notification is a mandate!
Organizations have 72 hours to communicate to the relevant data protection authority that they have in fact had a data breach. Some EU countries, like the Netherlands, already have this requirement in place, but now companies operating all over the world must set up breach notification and response services.
Fines are up to 4% of global revenues or €20 million
The EU confirmed its decision to go for hefty fines: For breaking the law, companies will pay up to 4% of their global revenues or €20 million, whichever is greater. A fine of this magnitude will put many “non-compliant” firms out of business.
So, these are the highlights, what can you do to address each of these? Before you reach for the panic button, consider this…
Having written legislation and been a part of the legislative process, we see three primary categories of compliance, or non-compliance, depending on your viewpoint.
1. Organisations that do absolutely nothing – these guys are “dead in the water”. If an EU citizen lodges a formal complaint with the Supervisory Authority, then expect the EU Commission to rain down its almighty wrath.
2. Organisations that may not be fully compliant but are “within the spirit of the law” – these guys can demonstrate that they have systems in place, have commenced staff training, have put together policies and the like, and are doing what they can. They are committed, albeit a little slow.
3. Organisations that are “squeaky clean” – huge sums of money spent, and they have it fully under control. They are compliant!
Legislation and regulation are about more than just penalties. They are about weeding out the blatantly non-compliant from everyone else. If you are #3, you are golden. If you are #1, then you are in trouble, unless you are #1 moving to #2, with a view to becoming #3.
This is where you are going to need some help. If you are looking to achieve a position that looks something like #2 but don’t have buckets of money to spend, then we can help you.
Your membership with eu.uk.com will provide all the tools, policies, processes, tips, services, support and advice that you are going to need. Let’s break it down and address each of the four key compliance areas highlighted above.
The GDPR is your issue if you have a presence in the EU or deal with an EU citizen, regardless of where in the world you are.
Of course, it’s not that simple, it never is. There are a mass of caveats and other considerations, so we have developed “The General Data Protection Regulation Concise Handbook”, which simplifies the regulation from 260 pages to less than 30 pages of plain language, so you have a clear lay-of-the-land. We provide icons for each requirement and let you know how your membership will help you meet the requirement and ultimately your compliance.
We provide integrated security policies in a complete framework, so you can quickly and simply build these procedures and principles into everything that your business does moving forward. We also keep your personal data collection, control and processing well within a compliant framework with the “GDPR Compliance Portal and Back Office” application, a web-based system for ensuring that each collection, processing and data movement is formally and accurately recorded, and that the appropriate information is provided to the data subjects in a timely, professional and compliant manner. We provide both paper and electronic forms and processes for managing data, managing complaints, and modifying or erasing personal data, and we do it all in 28 languages.
Most small online or Internet-based retail businesses won’t have a person on staff who qualifies as a DPO. This needs to be a trained and qualified individual with an in-depth understanding of the regulation, data security and all the aspects necessary to maintain data security and quality within the law. Your membership includes the use of our ISO-accredited and Certified Data Protection Officer services. We will regularly chat with you or email you to discuss issues, provide advice and work with you to achieve compliance. More importantly, we also provide another significant GDPR requirement: EU Representative services. If you are a non-EU business, you need to have an EU Representative if you are collecting personal data from EU citizens, selling to EU citizens or monitoring EU citizens. We provide this for you too – it’s all part of your membership. The EU citizens you deal with can discuss issues with our Certified DPOs, and the EU Representative can manage your compliance and issues with the Supervisory Authority. You just need to run your ever more compliant business.
Data breaches are the things we need to ensure never happen. But again, it’s not as clear-cut as that. Notifications also need to be made if you destroy, have stolen, lose control of, delete, or otherwise damage a person’s data. Your membership has this covered too, with the DPO services discussed above and, if necessary, a 100-seat pop-up call center within 3 – 5 hours and a dedicated telephone number that your customers can call to get the information they need. We also provide a media management service that is always ready; we just hope you never need it.
Penalties are based on your actions before and after a breach. Being ready is one of those super impressive things that goes a long way and says, “we were ready, acted quickly, mitigated the risk and kept the people informed”: all point-scoring actions, which don’t go unnoticed if they are ever called upon.
So, from just €149 per month, you can see how your membership will be working for you 24 x 7. Join today and start the journey; we are right beside you!