Skip to main content

Rydym wedi cadw rhai ffeiliau o'r enw cwcis ar eich dyfais. Y cwcis hyn yw:

  • Hanfodol ar gyfer y safle i weithio
  • Helpu i wella ein gwefan drwy gasglu ac adrodd gwybodaeth am sut rydych chi'n ei defnyddio

Hoffem hefyd arbed rhai cwcis i helpu i deilwra cyfathrebu.

BETA
Rydych yn edrych ar fersiwn wedi'i ddiweddaru o'r gwasanaeth hwn - bydd eich adborth yn ein helpu i'w wella.
Rhoi adborth
English
Mewngofnodwch

How to Prepare your Business for the General Data Protection Regulation

Cyhoeddwyd gyntaf:
21 Rhagfyr 2017
Diweddarwyd diwethaf:
07 Mawrth 2024
What is the GDPR and what does it mean for businesses? The General Data Protection Regulation, or GDPR as it’s more commonly referred to, is the most important change to data privacy regulations in 20 years. If your business handles data (which is highly likely!) then these regulations will impact your business. Coming into force on 25 May 2018, the GDPR will bring about a number of changes to current data protection regulations as stated in the Data Protection Act (DPA) 1998. The new regulations will be much stricter, offer no ‘grace period’ for compliance and have higher fines in place. The General Data Protection Regulation will feature many similarities to the DPA, however, a number of areas will be enhanced to improve security and rights around personal and sensitive data. This will include the right to be forgotten, higher standards of consent and immediate notification of data breaches (or within 72 hours in certain circumstances). Forbes Solicitors offer a helpful summary of the key changes being brought about by the GDPR. Not only will the GDPR require employers and businesses to comply with new regulations but they will have to ensure accountability. Therefore, your business will need to be able to evidence and demonstrate compliance with the GDPR. Data protection can be a daunting and substantial subject – but by acting now, you can address any confusion ahead of the GDPR changes and start preparing your business for compliance. Here are our tips to get prepared for the GDPR: Start now We’re already on the countdown to the 25th May 2018 and there is no grace period for non-compliant businesses. If you want to avoid hefty fines (reaching 4% of annual turnover or £17million), it’s time to start taking action. It’s important to recognise that data processing isn’t just a challenge – it’s also an opportunity. Read about how Enquin Environmental improved how they collect and transfer data to achieve more than £300,000 in savings and 50% boost in productivity. Take time to understand the GDPR and your business It’s important to understand the changes that will occur and what they mean to for your business. How will the changes impact different segments of your business such as marketing, IT and HR? How will the whole business work together to ensure compliance? Start thinking about what you will need to put in place to protect your business, employees and customers. Take advantage of the information and support available online. Carry out an information audit Start by mapping out the data you are processing. Ask questions about what you are processing, why you are processing it, where it is being stored, how, where and why it is being shared and your retention period. This will help you to assess areas where improvements or changes could be made in line with the GDPR requirements. Self-assess your business The Information Commissioner’s Office offers a toolkit of resources to help your business carry out a data protection self-assessment. Use their checklists to assess your current compliance standards and find out what you need to do improve your awareness, accountability and data handling ahead of GDPR. Review existing policies, procedures and relevant documentation After addressing your current data processes and making relevant changes ahead of GDPR, it’s important that your documents reflect the new regulations in place. You may need to look at updating both internal documents and those external documents that highlight consent to customers and stakeholders. Updating policies and procedures will enable you to bridge gaps from where the business currently stands to GDPR compliance in a formal and accountable manner. Plan your next steps Once you have conducted initial evaluations of your current data processes and determined how your business can achieve compliance, it’s likely that you will need to implement changes or improvements. Begin planning out the steps you need to take and who will lead on these. It may be beneficial to assign someone to managing your data compliance project to ensure consistency and effective implementation. Think long term Whilst you are going through a process of change, it is a good time to introduce or review the data training for all staff. During this process you will be able to address the day-to-day realties of complying with GDPR moving forward and upskill your staff. Develop your business’ compliance plan Not only will this be beneficial to ensure you’re responding to your initial evaluations and plans to ensure overall compliance, but this will also be a good method of demonstrating the steps taken to achieve compliance. As previously mentioned, the GDPR will require businesses to show accountability so it’s a worthwhile habit to start now.
Cyhoeddwyd gyntaf
21 Rhagfyr 2017
Diweddarwyd diwethaf
07 Mawrth 2024
Dilynnwch GwerthwchiGymru
Email icon
Llinell gymorth GwerthwchiGymru
0800 222 9004

Mae'r llinellau ar agor rhwng 8:30am a 5pm o ddydd Llun i ddydd Gwener.

Rydym yn croesawu galwadau'n Gymraeg.

We welcome calls in Welsh.

Rhowch adborth am y dudalen yma
Mae'r holl gynnwys ar gael o dan Drwydded y Llywodraeth Agored, ac eithrio lle nodir yn wahanol.