
How your business can prepare for the latest Data Protection Regulations

by Yellow


Over the past decades, businesses have been creating huge amounts of digital information and collecting people's personal data. As a result, the outdated 1995 laws governing data protection in the EU have been replaced by the General Data Protection Regulation, or the GDPR.

As of May 25, 2018, these regulations apply to all EU countries and to all companies around the world that conduct business with European citizens. This means that even Maltese businesses, including smaller companies, will be affected. Compliance with these regulations is crucial. Businesses that don't know what personal data they hold, or don't do enough to protect it, face huge fines and serious legal problems.

By taking the following steps, your company should find it easier to comply with these new data protection regulations when handling customers' personal information.

Just a disclaimer: these are simply points of advice from us for businesses in general, and you should conduct your own proper research or seek legal advice wherever you are uncertain!


Assess your documented customer data

Looking at the bigger picture is always a great starting point. Assess all your data-driven activities, and identify which of your data falls under the GDPR definition of personal data. This will make your GDPR preparations seem less daunting, and will help you focus your attention on the right way forward.

You might need to organise an audit, documenting the personal customer data your company already holds, where it came from and whether it is shared with third parties.


Know what rights your customers have

The new GDPR regulations protect several important customer rights, all related to the protection of their personal data.

These include the right to access personal data being held by a company, the right to be informed about any company processes related to that personal data, and the right to be forgotten. It's essential for your business to ensure that its procedures completely cover these rights.


Minimise your data to what's important

Not all customer data is useful. GDPR encourages data minimisation, meaning the immediate and permanent erasure of data that is not vital to a company's processes. Many companies store their customers' personal data for years on end, with the excuse of possible future use. But cleaning out the clutter is now the way to go.

Assess the true worth of your customers' personal data by looking at older data that you have, and determine whether it has been useful to your processes over the years. If the answer is no, then it's time to let go.


Introduce more secure data collection procedures

Consent will make or break whether your company can use and keep its customers' personal data. And that consent must be explicit — the ticking of a checkbox simply doesn't cut it.

Your data handling procedures need to reflect the importance of explicit consent. Make sure they accommodate customers who want their data to be deleted. Moreover, revise the standard of all your documentation, especially your Terms & Conditions and privacy statements.


Prioritise data security

Personal customer data should be handled with the utmost care and responsibility.

Implement security measures which strongly safeguard this data, and which remain applicable from the moment that data enters your company's system up until the time when it is eventually removed.


Appoint a data protection officer

This is obligatory for any company with more than 250 employees, but it's still advisable for smaller businesses, including start-ups. Hiring a data protection officer, or assigning this role to an existing staff member, is therefore key.

This person will be responsible for ensuring that your business practices comply with the GDPR regulations, and that your company's data handling processes are up to the required standard.



Data protection can be a very challenging area for any business. When it all gets too technical or worrying, contact any of the Legal Advisors listed on Yellow.

Prepare yourself for a discovery of anything local — visit yellow.com.mt!
