Comply with GDPR regulations for business

Comply with GDPR regulations

The general Data Protection Regulation (GDPR) came into force on May 25^th, 2019 and became the primary law regulating how companies process and protect EU citizens’ personal data. All companies must comply with GDPR regulations.

Companies that fail to comply with GDPR regulations and not achieve compliance will be subject to stiff penalties and fines.

GDPR requirements apply to each member state of the European Union, aiming to create more consistent protection of consumer and personal data across EU nations. Some of the key requirements of GDPR include:

Requiring the consents of subjects for data processing
Anonymising collected data to protect privacy
Providing data breach notifications
Safely handling the transfer of data across borders
Requiring certain companies to appoint a data protection officer to oversee GDPR compliance

Any company that processes European consumer data must adhere to GDPR regulations. This includes firms that are not located in the EU, but who offer free or paid goods or services, or monitor the behaviour of EU residents. Notably this includes Google and social media networks such as Facebook.

The most significant company to fall foul of these GDPR regulations is Google who were fined £44 million over how they processed user’s personal data. The first complaint against Google came on the day the GDPR was first filed by a French privacy rights group which claimed Google did not have a valid legal basis to process user data for ad personalisation on their network. The EU courts agreed, and Google were fined a record £44 million.

Google can be considered to have got off lightly – failure to comply with GDPR can carry a maximum fine of up to 4% of a firm’s turnover; which in Google’s case is significantly more than the £44 million they were fined.

To protect your own business, you should ensure you implement the following:

Hire and train your data protection officer
Track your data so that you can report data breaches
Identity where you share information with other organisations
Communicate privacy information
Answer subject access requests quickly
Ask for explicit consent for any data you hold

You must also ensure your data procedure covers individual rights, such as:

The right to access data
The right to have data inaccuracies corrected
The right to data erasure
The right to prevent direct marketing
The right to data portability (safely moving data from one IT environment to the other)

It is the responsibility of the data controller within an organisation to ensure that the business complies with GDPR. What’s more, he or she must be able to demonstrate GDPR compliance.

How MobiWIPE^® by MobiCode,/strong> can help

If your business involves handling of pre-owned mobile phones, then one of the ways you might fall foul of GDPR regulations is if previous user data is not properly erased from these devices. Doing a factory reset just won’t cut it, you need to ensure any personal data from a used mobile phone cannot be recovered.

MobiWIPE^® by MobiCode is our mobile data erasure tool that provides a full audit trail through certifications of erasure, which help your business prove compliance with GDPR regulations. These tamper-proof reports are an efficient way of proving clear steps have been taken to protect personal data. What’s more, any erasure carried out with MMobiWIPE^® is insured by Hiscox insurance, fully protecting your business against the financial costs of accidental data breach.

To find out more about MobiWIPE^®, contact the MobiCode team on 02031 502529.