The EU’s General Data Protection Regulation (GDPR) is a hot topic throughout the business world right now, and as the May 2018 deadline is fast approaching, it is at the forefront of many business owners’ minds.
Replacing the existing Data Protection Act, the GDPR seeks to protect the privacy rights of individuals in Europe, whether they are EU citizens or not. The rights it covers include transparency over how information is processed, consent, security, collection and purpose limitations, and the right to be notified if a breach occurs.
The GDPR has given the office products industry a lot of food for thought, as an opportunity presents itself to leverage the regulation changes and add value to customer relationships and increase sales. The industry needs to consider how it can support customers and organisations throughout the UK and Ireland to effectively prepare and employ the appropriate tools to comply with all areas of the regulation, including both digital and paper security.
The regulation changes and their effects on individual businesses, as well as the potential implications of non-compliance, act as a great conversation starter for reaching out to clients to find out more about their plans and determine any requirements for new office tools and equipment to facilitate enhanced data protection policies.
The risk to businesses of remaining underprepared to facilitate the changes could be immense, making it imperative that businesses are GDPR aware ahead of the deadline. Office products resellers should position themselves as a source of guidance and support for businesses as they amend their existing procedures.
10 Top Tips to prepare for GDPR
1) Get to know the GDPR
As a first step, it is crucial that organisations familiarise themselves with the new regulations and that they fully comprehend what the changes mean for their business. Rexel’s Data Protected campaign includes an e-book titled “Rexel Shredding: why a paper security policy is integral to GDPR compliance”, which offers businesses a framework solution for regulation compliance and can be downloaded for free here.
2) Set a secure data security policy
All data security policies should include guidance for storing, accessing and destroying all documents, both electronic and paper. With the upcoming regulation changes, it is vital that organisations revise their current policies and adapt them where necessary to be GDPR compliant before May this year. Businesses must also familiarise themselves with all changes to the regulations.
A good starting point is to answer the following questions:
– What data types does your organisation use?
– Where should your data be stored?
– Who needs to access data and who can approve access?
– When should data be destroyed?
– How can we minimise risk?
3) Communicate with employees
Ensuring all staff understand the organisation’s data protection policy, the GDPR requirements, and the potential implications of non-compliance will help to encourage the successful adoption of good data security practice, so that it becomes a fundamental part of daily working life.
4) Educate employees
It is important to make sure employees recognise the different data types, both personal and sensitive, and how each requires a different level of security management. All staff should receive appropriate and sufficient training and guidance.
5) Identify data protection ambassadors
Appointing ‘data protection ambassadors’ to act as go-to team members for any queries and guidance on policies and practice, and to regularly check that procedures are being followed, is a good way of ensuring all employees are compliant.
6) Undertake a ‘Spring Clean’
With a May implementation, it is a fitting time to have a clear out of offices and files and dispose of any unnecessary documents. It’s also good to have a ‘spring clean’ of your desktop and electronic files. This could be teamed up with an audit of the information and data that already exists within your organisation.
7) Employ the necessary tools
Making it easy for employees to follow the data protection policy is key. Investing in reliable hardware safety, paper disposal and destruction equipment, and secure storage will encourage the formation of good document management habits.
8) Store all documents securely
Any electronic documents should be adequately password protected with only permitted personnel given access, and sensitive paper documents should be securely stored in locked files. Kensington offers a diverse range of physical security solutions that are simple and easy to implement, form the first line of defence and prevent the theft of electronic business devices.
9) Shred as you go
Shredding paper documents using the appropriate equipment is a great way to ensure paper security. However, it can be a time-consuming task. Ensuring that employees adopt regular shredding habits therefore makes this task quicker and easier and prevents the risk of paper documents getting lost or ending up in the wrong place.
Rexel’s range of Auto Feed Shredders allows employees to load a stack of paper, shut the lid and walk away, removing the productivity pain point cited by those who shred frequently; documents are destroyed instantly on-site.
10) Prepare for the worst
Under the GDPR, if a breach occurs, organisations are required to inform all parties affected within 72 hours of becoming aware of it. It is important to create a procedure for the case of a breach to ensure it is detected as early as possible and that it is handled appropriately and in compliance with GDPR.
It is also a good idea to keep a record of all GDPR preparation as this will serve as evidence of compliance with the new legislation under the new ‘accountability’ concept in the GDPR. It will also help organisations to keep track of what has already been done and what is left to do.
For more information and to learn more about Rexel’s Auto Feed shredders, please visit: www.rexeleurope.com/gdpr