Working in manufacturing and technology, we’re familiar with acronyms. From ERP to CRM, the latest jumble of letters hitting the headlines is GDPR — the General Data Protection Regulation. But what is it and how is it set to impact manufacturers?
In this blog post, I’ll explain everything you need to know about GDPR for manufacturers.
What is GDPR?
As we’ve already mentioned, GDPR is the General Data Protection Regulation. It’s a new regulation that is being rolled out by the European Parliament, the Council of the European Union and the European Commission to better direct how businesses process and handle data.
The regulations will replace Europe’s previous data protection directive, which came into force in 1995. As you’d imagine, the growth of our use of technology means we’re capturing more data than ever before, to the point that the 1990s directive was no longer suitable for managing the sheer scale and types of data being captured and stored.
When the GDPR is rolled out on 25th May 2018, it will provide a unified framework for data protection laws across all European countries, giving greater protection and rights to individuals.
As Britain is leaving the EU, does this mean Britain is exempt from the GDPR roll out? The UK has plans to implement a new Data Protection Bill, which features everything that’s included within the GDPR, but has been slightly altered. For example, a number of exceptions have been proposed for journalists, as well as scientific and historical researchers.
What key changes will GDPR bring about?
GDPR is set to revolutionise how businesses and organisations collect, store and share data. The regulation is far-reaching, with major changes including:
Accountability and compliance
As part of GDPR, businesses will become more accountable for the data they collect. Under the new laws, data security breaches will have to be reported to the country’s data protection regulator within 72 hours of learning about the attack. The people the breach affects must also be informed.
In terms of compliance, companies that collect and process a large amount of data on a regular basis will be required to document why an individual’s information is being collected, as well as what is being stored, how long for and how it is protected. Data includes current and past employees, customers, prospects and suppliers. If your business regularly collects such data, then you should abide by the GDPR.
Currently, businesses can charge a £10 fee to grant an individual access to the information they have stored about them. The GDPR will make this service free of charge and businesses must provide the information within a month.
Likewise, a person can request that their data is removed if it is no longer required, consent has been withdrawn, there is no legitimate interest or if it was unlawfully processed.
With GDPR in place, regulators will be able to issue fines to those businesses found to be flouting the rules. These fines can apply if data is processed incorrectly, if there is a security breach or if a data protection officer isn’t in place.
It has been reported that smaller fines could cost businesses up to £10 million, or 2% of their global turnover. For more serious cases, businesses could face paying out up to £20 million, or 4% of their global turnover. In both cases, the greater of the two will apply.
In an attempt to encourage businesses to comply with the regulations, the new plans will see fines increase 79-fold. Last year British companies were fined £885,000. The same offences under the new rules would mean fines of £69,000,000 (NCC Group, 2017).
What does GDPR mean for manufacturers?
As the above shows, upon its roll-out, GDPR is set to have a huge impact on how all businesses and organisations operate — but how will it impact manufacturers?
You may think that as a manufacturer, your business handles minimal personal data and you can therefore remain ignorant of GDPR. However, as we’ve already mentioned, GDPR covers many organisations and types of data, so manufacturers are by no means exempt.
If you hold any information about EU citizens, you are required to follow the GDPR and protect it. This data could be from your customers or suppliers, details from your employees or data you have collected from any marketing you may have carried out.
With this in mind, key considerations for manufacturers will be ensuring that you have the appropriate consent to use and store the information, as well as ensuring all types of data are stored securely. Likewise, manufacturers will need to put systems in place to ensure that they can supply data quickly upon request and ensure its efficient removal where required.
Clearly then, manufacturers do have a part to play when it comes to GDPR. Worryingly, a press release from Irwin Mitchell published on 30th May 2017 — approximately one year before the roll-out of the legislation — suggests that just 30% of manufacturers have started to prepare for GDPR coming into force.
Shockingly, 71% of manufacturers said they were unaware of what the new GDPR fines were — despite 18% admitting that the maximum fine would force them out of business and 14% admitting it would lead to redundancies.
It’s clear that some manufacturers are unprepared for GDPR, with a quarter saying they would be unable to detect a data breach.
With less than a year to go, manufacturers need to start preparing now if they are to comply with GDPR; failure to do so could see them out of pocket and even out of business.
Compliance with GDPR will be largely dependent on IT systems; CRM, ERP and data storage will play a big part.
Here at Kerridge Commercial Systems, we’re already hard at work, ensuring our GDPR strategy meets the needs of our manufacturing customers. If you would like to discuss GDPR within your business, get in touch and one of our business experts will be happy to offer advice.
The Information Commissioner’s Office has created a 12-step guide to preparing for GDPR. You can access the guide here.