Find out what GDPR is and how it could affect your business. Our message is that if you have a well-structured system, it needn’t be a headache.
What is GDPR?
- On May 25, 2018, a European privacy law is due to take effect that sets a new global bar for privacy rights, security, and compliance.
- It provides individuals with more control over their personal data, ensures transparency about the use of data, and requires security and controls to protect data.
- The GDPR takes effect on May 25, 2018
So GDPR is about data protection – how is it different from the DPA?
- More comprehensive
- Applies globally
- More rights
- Higher fines
Who does GDPR apply to?
- All types of organisations that offer goods and services to people in the European Union (EU)
Where does GDPR apply?
- All types of organisations, globally, that collect and analyse data about EU residents
So what new rights do people have?
Individuals have the right to:
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to processing of their personal data
- Export personal data
What do organisations need to do?
Organisations will need to:
- Protect personal data using appropriate security
- Notify authorities of personal data breaches within 72 hours
- Obtain appropriate consents for processing data
- Keep records detailing data processing
How is this policed?
The Information Commissioner’s Office
Penalties for non-compliance are fines of up to €20 million or 4% of the business’ annual global turnover