Are you GDPR ready? Read on to find out more about the GDPR and what it means to your business.
The new General Data Protection Regulation (GDPR) comes into force in May 2018, with fines for non-compliance of up to 4% of annual turnover or €20m, whichever is greater.
What is the GDPR?
The GDPR is new European legislation which supersedes the Data Protection Act (DPA). It is designed to give EU citizens more control over their personal information and places greater onus on organisations that hold or use personal data to keep that data secure.
Who does the GDPR apply to?
The GDPR applies to anyone who handles or stores personally identifiable data (e.g. name, email address, photo, etc.) of any EU citizen. This covers both Data Controllers (who determine the purposes, conditions and means of processing personal data) and Data Processors (who process data on behalf of a controller).
UK organisations will still be required to comply with the regulation after Brexit.
Highlights of the GDPR legislation
In summary, the key aspects of the GDPR include:
- Personal data must be held securely and processed fairly, lawfully, and transparently
- Explicit consent is required to hold personal data
- Individuals have the ‘right to be forgotten’
- All organisations handling personal data will require a Data Protection Officer
- Reporting of data breaches will be mandatory
One of the key requirements of the new legislation is that personal data is held and managed securely. If your organisation does not have adequate cyber security measures in place, the data you hold is vulnerable and you will not meet your obligations under the GDPR. Your IT systems and procedures need to be secure.
What happens in the event of a data security breach?
If you experience a data breach that is likely to ‘result in a risk for the rights and freedoms of individuals’, it must be reported within 72 hours of the breach being discovered. Mandatory reporting could be extremely damaging to your brand and reputation.
Are you GDPR ready?
GDPR enforcement is less than one year away, so we recommend getting ready now. We can help you ensure you have all the necessary technology and procedures in place to safeguard your data.
Please email firstname.lastname@example.org or phone us on 01392 207194 to see how we can help your business.