The new General Data Protection Regulation, which comes into force on May 25, will radically change the way we handle data and confidential waste.
Time to prepare for it is running out.
The threat of substantial fines – up to 4% of worldwide turnover for the most serious data breaches – is focusing the minds of many South Wales business owners on how to comply with the new rules.
So, here is our helpful guide to making the most of the months we have left before the changes come into force:
January and February
- Decide on the systems you’ll need to comply with the new rules – this will include the data protection measures you’ll take online, your cyber security, your marketing operation, how you’ll manage your email database, and your systems for handling confidential waste.
- Draw up a timetable for these systems to be implemented – decide on dates for all your key systems to be implemented and tested.
- Allocate key tasks to your staff – ensure everyone has the overall plan and everyone knows exactly what they’ll need to do, and the dates when they should achieve it.
- Decide on your data controllers and data processors – these will need to be identified under the new regulations, and each will need to be briefed on their key duties.
- Ensure all staff are trained in the main planks of GDPR – from the need to inform people affected by the most serious data breaches within 72 hours to the need to keep an audit trail of how data is stored and when it will be reviewed. Several organisations covering South Wales are running training courses, and there are useful resources on the Information Commissioner’s website. The Federation of Small Businesses also has a toolkit for its members.
- Review your GDPR timetable – ensure the dates are being met.
- Get your overall plan written – this will be an important document if there is ever a data breach. You will be able to point to the fact you have taken the rules seriously and it could help reduce the level of any fine which is imposed.
- Decide whether you need to outsource elements of data handling or the handling of confidential waste. If so, look for outsourcing companies which comply with GDPR rules. When it comes to dealing with confidential waste, look for a company which provides you with certificates of destruction and handles your shredding in a secure facility.
- Test your key systems – examine whether they will work efficiently and protect your staff and customers. Make any tweaks necessary.
- Circulate your GDPR plan to all staff – everyone needs to know their role, their responsibilities, and the impact if they fail to deliver on them.
- Ensure any outsourced contracts are finalised – get your provision in place before the new rules kick in.
- Set a timescale for reviewing the plan and for asking customers if they’d like to remain on your database.
- Ensure your opt-in form for marketing on your website complies with the new rules.
- Relax – in the knowledge your thorough GDPR plan is now in place!
Why you should choose Taclus Confidential – a South Wales secure shredding company
We offer confidential paper waste and hard drive destruction services at affordable prices.
Taclus Confidential holds the accreditations for ISO 9001:2015 for quality management and ISO 14001:2015 for environmental management, and has been certified by independent auditors IQS for both.
Taclus has also been selected as the confidential waste management partner for Keep Wales Tidy.
Are you looking for an affordable and secure shredding service in South Wales? If you need advice on dealing with the secure destruction of confidential waste, call our friendly and efficient team on 02920 676 714, or email firstname.lastname@example.org.