
Comply with GDPR Regulations


The General Data Protection Regulation, or GDPR, came into force on 25 May 2018. It became the main law governing how companies process and protect the personal data of people in the EU. Any company that handles this data must comply with GDPR requirements.

Companies that fail to comply can face serious penalties and fines. GDPR applies across all EU member states and aims to create a more consistent standard of protection for personal and consumer data.

Key GDPR Requirements

Some of the main GDPR requirements include:

  1. Obtaining consent for data processing where required
  2. Anonymising collected data to protect privacy
  3. Reporting data breaches properly
  4. Handling cross-border data transfers safely
  5. Appointing a data protection officer where the law requires one

GDPR does not apply only to businesses based in the EU. It also applies to firms outside the EU if they offer goods or services to EU residents or monitor their behaviour. As a result, major international companies such as Google and Facebook fall within its scope.

Why GDPR Compliance Matters

One of the most high-profile early GDPR penalties involved Google, which was fined around £44 million over the way it processed personal data. The case began when a French privacy rights group challenged Google’s legal basis for using personal data in ad personalisation. The regulator agreed and issued a record fine.

Even so, that figure shows only part of the risk. GDPR allows regulators to issue fines of up to 4% of a company’s annual turnover. Therefore, businesses should not treat compliance as an afterthought.

What Your Business Should Put in Place

To protect your business, you should make sure you have the right internal processes in place. For example, you should:

  • Appoint and train a data protection officer where appropriate
  • Track your data so you can respond properly to breaches
  • Identify where you share information with other organisations
  • Communicate privacy information clearly
  • Answer subject access requests quickly
  • Ask for explicit consent where it is required

Your Procedures Must Also Cover Individual Rights

In addition, your data procedures should cover key individual rights, including:

  • The right to access data
  • The right to correct inaccurate data
  • The right to erasure
  • The right to object to direct marketing
  • The right to data portability

The data controller in an organisation carries responsibility for GDPR compliance. In practice, that means the organisation must not only comply with the law but also show that it complies.

How MobiWIPE® by MobiCode Can Help

If your business handles pre-owned mobile phones, one clear GDPR risk is old user data remaining on those devices. A factory reset alone is not enough. Instead, you need to make sure no one can recover personal data from the handset.

MobiWIPE® by MobiCode is our mobile data erasure tool. It provides certifications of erasure, which create a full audit trail and help your business demonstrate compliance with GDPR. These tamper-proof reports show the practical steps your business has taken to protect personal data.

In addition, Hiscox insurance covers erasure carried out with MobiWIPE®. To find out more about MobiWIPE®, contact the MobiCode team on 02031 502529.

Copyright © 2024 · All Rights Reserved · MobiCode