A business that is not GDPR compliant could face a fine of €20m or 4% of its annual turnover.
The new General Data Protection Regulations (GDPR) come into force in May 2018 and will replace the current Data Protection Act. How you handle data will change forever when GDPR comes into force throughout Europe.
If you process personal data of any data subjects who live in the EU, you need to ensure you comply with this new regulation. The GDPR imposes some direct obligations on data controllers and processors that you will need to understand and build into your policies, procedures and contracts.
For some businesses, this may only mean a couple of minor tweaks in your processes. For others, a complete overhaul of data handling may be required. Penalties for non-compliance are significant with fines of up to €20 million or 4% of global annual turnover for the preceding financial year – whichever is the greater!
This legislation affects businesses of all sizes. SMEs are not immune, so be prepared and get compliant.
How the BPIF can help you
GDPR Gap Analysis
We offer an onsite gap analysis session to assist with compliance, helping identify roles and responsibilities, throughout the whole business. Conducted by a qualified GDPR Practitioner, covering the 12 steps of GDPR readiness. Areas covered include:
- GDPR Overview
- Risk Management
- Data Mapping
- Roles and Responsibilities
- Policies and Procedures
- Privacy Impact Assessments
- IT Security
Following the onsite review, a detailed progress report will highlight the issues to be addressed.
Bespoke GDPR Workshop
We offer a bespoke one-day onsite workshop that can provide your team with an insight of ‘what is GDPR?’ This workshop can be catered to your company’s personal data needs.
Bespoke GDPR Support
We offer support and guidance with data processes and requirements.
We can help make your business to become compliant with certification against both the Cyber Essentials scheme (IASME governance) and the ISO 27001 standard
We can also provide:
- Guidance for pseudonymisation, minimisation and encryption
- Guidelines for mapping the flow of data
- Sample contract clauses
- Retention of records
- Sample policies and procedures
- GDPR policies and procedures
- Training policies
- Procedures for fair processing of data
- Subject access
- Privacy impact assessment
- Breach notification
In addition to this, there is also a basic checklist, agenda for Board meetings and basic work instructions.
GDPR and ISO 27001 ISMS
If your company already carries certification to the latest ISO 27001 standard, the following link will help you to compare how the GDPR impacts on your ISO 27001 Certification www.britishprint.com/gdprmapping
- ISO 27001 Information Security Management Implementing and maintaining an Information Security Management System (ISMS) certified to the internationally recognised data security standard ISO27001 is the most effective way to reduce your risks and to assure clients and insurers that security of information is your company’s top priority.
- BPIF Cyber Essentials Scheme Every second someone is trying to access your company data. Protect yourself and your clients from cyber attack.
The BPIF is the printing industries champion. By becoming a member you join a diverse and influential community. We help you solve business problems, connect you to new customers and suppliers and make your voice heard in government.
0845 250 7050