How to Prepare Your Workplace for GDPR

With just over a month until the new GDPR (General Data Protection Regulation) legislation comes into full effect, the prospect of ensuring the correct tools are in place in order to protect the confidential and personal data of customers and employees can be daunting. Here’s a brief breakdown of the best ways you can prepare your workplace for GDPR.

A huge talking point within many offices and across the working industry, GDPR will force many businesses to make sure their processes are in order so that they comply and avoid breaking the law. With the warning that incorrect or inaccurate compliance with the new legislation could lead to fines of up to €20m (approx. £17.5m) or 4% of a company’s annual turnover, it’s never been more important to update or adjust company data handling practices.

Carry Out an Audit

Whilst it’s important to regularly look at how important data is being stored or communicated across your business or organization, GDPR will mean that every process, method and routine will be completely scrutinized, so it’s in your best interest to carry out an extensive audit now, in time for May. Key areas to look into for your audit include:

  • Where your data is currently being stored (and is it readily accessible, encrypted etc.)
  • What data is being stored (does it contain confidential information, passwords, financial notes etc.)
  • How data is being processed (is it being kept on spreadsheets, inside electronic documents, databases etc.)

Examining these areas will help uncover any potential flaws in your data protection protocols and allow you enough time to update or adjust them before it becomes too late.

Inform Third Party Providers

Should your business or organization use third parties to handle human resources or extended services for employees, it’s likely they will already be aware of the risks and importance of becoming compliant with incoming GDPR practices. However, it’s still advisable to contact any company health insurance providers, payroll services or company pension providers to determine how they intend to address the legislation. It’s important to note that any companies or business services attached to your business also count towards your responsibility to comply with GDPR – their failure to protect data could have a knock-on impact on you as well.

Destroy and Dispose of Old Data

GDPR not only affects new and current data handling, it also impacts old and unused data. This can be easily addressed by making sure to destroy and correctly dispose of any old papers containing any form of financial or personal information through paper shredding. Unused digital data should also be completely erased from devices and company machines and not just placed into a temporary location. If required, upgrade any shredders within your workplace to ones that use cross cut shredding or micro cut shredding, so that effective destruction of paper documents is not left to chance.

Sam Rose