Today, almost every aspect of our lives revolves around and is influenced by data. Various entities collect, analyse, and, more importantly, store our personal data, such as our names, home and IP addresses, and credit card numbers. This phenomenon was further confirmed by the 2020 UK Business Data Survey, which showed that 81% of businesses handle digitised personal and non-personal data from employees and customers alike. As these businesses expand, the use of data increases as well.
To keep up with the digital age and give EU citizens more control over their data, the European Parliament passed the General Data Protection Regulation (GDPR) and required all organisations catering to EU customers to be compliant in 2018. Since this regulation applies to all types of businesses, any organisation that fails to comply with it will face fines. In fact, in 2020, the UK’s Information Commissioner’s Office garnered the second-highest total fines, with businesses paying up to €43,901,000 (roughly £39.7 million) for breaching GDPR.
To avoid costly fines for non-compliance and ultimately help in advocating for data protection, be sure that your company does the following in 2021.
1. Hire a Data Protection Officer
The GDPR requires companies to appoint a Data Protection Officer (DPO). This requirement depends not on company size but on the amount of data processed. A DPO will oversee your company’s data protection strategy and its implementation, including the maintenance and monitoring of data subjects and large-scale processing of special categories of data.
2. Provide a way for clients to decline data collection
Under the GDPR, you must be transparent about the kind of data you will collect from your clients to avoid encountering problems. Moreover, you are obliged to give your clients the option to approve or decline the collection of their data.
One way of doing this is through cookie collection. This is crucial for any kind of business that has a web presence, but even more so for eCommerce companies. Current and potential clients should not be forced to accept that they can be identified while they are browsing, even if it is with the intent of improving their user experience. To that end, your websites must include options like “Accept all cookies,” “Opt out of all cookies,” or “Manage cookies.”
But making opting out easy should also apply to your employees’ data. A post on tracking hours by Verizon Connect highlights the need to strike a balance between protecting company assets and respecting employee privacy, which can be done by building privacy tools into your everyday systems. For fleet companies, a privacy switch integrated into vehicle monitoring dashboards can allow drivers to enjoy their off-work hours without feeling like they are being tracked, while also allowing management to draw clear lines between business and private miles. By utilising technology similarly, your employees can enjoy their private lives after business hours.
3. Design a data breach plan
If a data breach occurs in your business, the GDPR obliges you to report it no later than 72 hours after you are made aware. However, your obligations do not stop there. You must have a data breach action plan in place, which includes but is not limited to actions such as training all employees on how to respond and assist customers, sharing as much information as possible, notifying affected parties, and providing clear steps you will take to prevent future breaches.
In our journey to maintain privacy in this information age, we must do our part in ensuring our organisations are GDPR-compliant. This may seem like tedious work to do on top of your usual business transactions, but luckily, technology also works for your benefit and can ease your transition. If you need more help, you can check out the Enterprise File Fabric offered by Storage Made Easy, which can help you in your data governance and control plans.
*This blog post has been written by guest blogger Astrid Rhea Carlson.
Exclusive for blog.storagemadeeasy.com