How to Prepare for the General Data Protection Regulation


Next month, the EU’s General Data Protection Regulation (GDPR) goes into effect. If you conduct business in Europe, here are some ways to proactively move your company forward:

What is the GDPR?

The EU’s General Data Protection Regulation is a new set of rules governing privacy and security, focused on personal data, laid down by the European Commission.

Who’s Affected by GDPR?

GDPR applies to all companies processing and holding the personal data of those residing in the European Union, regardless of the company’s location.

What Constitutes Personal Data?

Any information related to a natural person that can be used to directly or indirectly identify them. It can be anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information or a computer IP address.

What are the penalties for non-compliance?

According to the EU GDPR website, “Organizations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million. This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts. There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment. It is important to note that these rules apply to both controllers and processors — meaning ‘clouds’ will not be exempt from GDPR enforcement.”

What can you do?

– Scan and store your records (paper and electronic) securely in a facility such as SecurShred. Customers not only store information more securely, but also protect sensitive documents from the ravages of fire and flood and free up office space. SecurShred provides storage on our secure server or on the cloud, or companies can keep data on a secure DVD or USB drive. Learn more at https://securshred.com

Some devices we send back to our customers are encrypted for an added layer of security.

– Destroy old hard drives, mobile devices and smartphones in a NAID-certified facility such as our Ship n Destroy service.

We’re happy to help your company navigate the new GDPR rulings and give you peace of mind in this ever-changing world of privacy compliance.