Data Protection Legislation is Changing
GDPR – General Data Protection Regulation
Q. What is it?
A. GDPR changes the law on Data Protection for individuals across Europe including the UK. Individuals will have new rights associated with the collection of their data, the processing of their data and the movement and transfer of their data.
Importantly it introduces the potential for huge fines of up to Euros 20 million or 4% of worldwide turnover for breaches of the law.
Q. When does it apply?
A. From May 2018. Time is short to make sure that your organisation is compliant.
Q. Who is affected?
A. Every organisation that collects and/or processes and/or uses data about living European and British citizens. Only data required by law, or to prevent crime, is excluded.
Q. What are the key elements?
A. Consent – the data subject must have given clear, unambiguous permission for specific data to be collected. No other data can be collected and the data should be kept only for as long as necessary.
A. Processing of Data; Storage and Security of Data – revised rules include anonymisation, encryption, being able to respond to queries quickly and reporting of breaches to supervisory bodies within 72 hours.
A. Responses to data subject requests – within one month. Requests can be wide ranging, including correcting inaccuracies, transfer of data, removal of data etc.
A. The requirement to have a Data Protection Officer (DPO) in certain circumstances
A. For many organisations GDPR means a change in culture. No longer seeing the law as a box ticking exercise but working on a framework of privacy that pervades the whole organisation. Companies will need to be able to demonstrate compliance.
Q. How do I find out more?
A. Detailed information is available on the internet across many sites.
Q. Can you help me to become compliant?
A. We have partners who are already engaged with some major clients, including banks. They have been working on GDPR projects for many months already and are ready to help and support our clients. But time is short and businesses need to act as soon as possible.