Get your retailers up to speed with GDPR
Posted on 2nd November, 2017 by Cecilia Desgrippes
Everyone’s talking about the upcoming European data protection legislation, GDPR (General Data Protection Regulation), and some even seem to fear it. There are concerns that not everyone will comprehensively understand the new regulation in adequate time, especially if they are doing business with customers within the EU.
As industries prepare to implement the legislation in May 2018, there is a lot at stake for companies in order to hit the ground running, avoid fines and ensure everyone within their organisation is aware of the risks associated with GDPR.
What is GDPR?
If you’re unsure what GDPR is, you’re not alone. A recent study found that nearly a third of UK business leaders have never heard of GDPR, even though the new data protection rules will affect almost every organisation in Europe. 
The key thing to know is that the new law involves the most important changes in European data privacy regulation in 20 years. In short, the way we handle personal data in the EU will change.
Some of the main changes that GDPR brings are that companies will need to get the consent from their customers to use their information, and will have to attach clear terms and conditions to that consent request. Companies should also be able to explain exactly what the customer’s data will be used for and when, and customers will also have the right to request access to their information in electronic format.
As well as putting the company in a bad light by not respecting the new regulation, organizations in breach of GDPR can be fined up to 4% of annual global turnover or €20 million, whichever is greater.
Are you GDPR ready?
With a matter of months to go before the rules change in May 2018, it is crucial that organisations feel confident that they’re ready for the GDPR change sooner rather than later. Companies should by now have a process in place to efficiently handle customers’ personal data.
On top of that, companies should also be sure to fully inform their staff of GDPR-related changes across all parts of their business.
Despite the imminent deadline, some studies suggest a quarter of UK businesses have abandoned their preparations because they mistakenly believe the regulation will not apply to them after Britain leaves the EU. This is a risky assumption to make, given the potentially huge penalties organisations could face if they fail to comply with GDPR .
Article 32 of GDPR focuses on security concerns around the processing of data, which means companies are required to take the appropriate technical and organisational measures to protect users from security risks. These include being able to restore data after a security incident, ensure systems and services are resilient, and that these security steps are regularly tested and properly evaluated – all of which LEO is geared up to handle for our clients.
Informing employees of the changes ahead should ensure that they are aware of the risks and ready to pass their knowledge on to customers when needed. It is likely that the number of requests from customers to manage their personal data will increase. With cyber-crimes such as hacking of personal data becoming more frequent, consumers will want to have a closer look at where their data is and what it is used for.
Being able to provide employees with clear instructions on how to give their consent and access their information will also reassure them and give them confidence that they are doing the right thing in working with you.
How LEO can help your GDPR learning
At LEO, we have been keenly following the development of GDPR. We are perfectly placed to help you successfully manage and adapt to every aspect of the new regulation, and our experts can work with you to help create the training your organisation needs to handle GDPR with confidence.
For more details on GDPR and how it can affect you, visit eugdpr.org.
To get your company ready for GDPR, contact LEO today.
Info Security Magazine, ‘Third of IoD Members Have Never Heard of GDPR’ (October 2017)
Information Age, ‘1 in 4 UK businesses have cancelled preparations for GDPR’ (March 2017)