The 25th May 2018 was a landmark day for all businesses around the UK and across the continent of Europe. That was the date that the European Union’s General Data Protection Regulation (GDPR) came into force.
It replaced the Data Protection Act, and has been designed to provide a much more robust framework for how organisations store and handle any personal data. Failure to comply with the new rules can result in heavy financial penalties – companies can be fined up to €20 million, or 4% of their annual turnover, whichever is higher.
With such severe punishments in place, it’s more important than ever that businesses make themselves compliant, but what have the changes meant for CEOs, directors, managers and even any interim managers at the head of these organisations?
A more hands-on approach
Within some companies, senior managers may opt to keep their distance from the day-to-day goings on, focusing instead on top-level issues that will affect the performance of the business in the long run.
However, senior management are ultimately the ones who are responsible for ensuring their enterprise is wholly GDPR compliant and, with the new regulations now in force for well over a year, there’s no excuse for them to be found in breach. That means they have been the ones charged with implementing compliance programmes and ensuring their employees are aware that this directive has come from the very top and that everybody is expected to follow suit, because failure to do so could prove hugely detrimental to the organisation.
Part of that process involves ensuring total clarity when it comes to GDPR compliance. Employees – as well as the managers themselves – will have been given GDPR training and kept up to date with best practices when it comes to making sure a business does not fall foul of the rules.
Robust procedures need to have been put in place, and it’s the responsibility of managers to let their employees know exactly why such processes are so important. It’s also now more critical than ever that users are made fully aware of how their data is being used and stored.
Encouraging two-way communication
Previously, any breaches may have gone unnoticed or unpunished. Companies can ill afford to run that risk now, so those at management level may have identified the wisdom of encouraging their employees to speak up if they spot any potential problems that could cause contraventions of the law.
Creating an atmosphere of honesty fosters self-accountability and responsibility, both of which will help businesses to remain GDPR compliant.