General Data Protection Regulation
Do you comply?
If you are unable to answer any of the questions below, a Gap analysis would be our suggestion.
- How compliant are you to the new General Data Protection Regulation?
- Have you got the processes and resources in place to support requests from individuals to delete data, or to enable the secure transfer of data from your organisation to another?
- Have you got the right level of consent to perform current processes on personal data? Is this aligned with the additional GDPR requirements?
- Are you managing the risks to personal data effectively and in line with GDPR?
In May 2015, the EU outlined its strategy to create a digital single market which would modernise and update the principles of the EU Data Protection Directive 1995 and UK Data Protection Act (DPA) 1998.
The General Data Protection Regulation (GDPR) replaces the 1995 EU directive (Directive 95/46/EC) and was introduced in May 2016 with full enforcement due in May 2018.
The GDPR will put control of data back into the hands of individuals who will be able to request the right to be forgotten and even be able to move their data from one organisation to another.
For data controllers and processors, more stringent and measurable compliance requirements will be enforced, with even heavier penalties of between two and four per cent of worldwide turnover.
The introduction of the General Data Protection Regulation (GDPR) will impact most businesses from 25th May 2018.
The objective of the regulation is to bring digital accountability to organisations across Europe.
When introduced, businesses will have 12 months to become compliant. After this period, substantial fines will be introduced as penalties for organisations who fail to meet the obligations of this legislation.
Despite Brexit, this legislation will affect UK businesses, as the UK will still be part of the EU at the time the legislation comes into force. Once the UK leaves the EU, compliance will still be necessary to trade with companies within EU member states.
Increased penalties under the GDPR
When the EU General Data Protection Regulation (GDPR) is enforced from 25 May 2018, breached organisations will find the fines they face increasing dramatically.
- Penalties for a data breach will reach an upper limit of €20 million or 4% of annual global turnover, whichever is higher.
- Penalties for a breach of policy will reach an upper limit of €10 million or 2% of annual global turnover, whichever is higher.
For many businesses, the threat of insolvency or even closure as a result of GDPR penalties will soon be very real.
The GDPR presents a perfect opportunity for organisations to understand their key risks and embed privacy-driven design principles into business operations.
We have four focus areas to help you at every stage of your GDPR compliance process.
Awareness Workshop: Our workshop is designed to facilitate an understanding of privacy within your organisation and will provide an awareness of how the GDPR legislative changes will impact the organisation.
Privacy/Data Protection Impact Assessment: A measurement of the impact to your business of failure to protect Personal Information in accordance with GDPR.
Gap Analysis: Our health check has been designed to understand your privacy risks according to your business objectives. We will assess your privacy controls according to GDPR requirements.
Strategy and Remediation Support: Now, more than ever, there is a need for organisations to have a defined strategy to manage privacy risks. We will help you to assess the risk, build a roadmap and assist in all aspects of remediation and compliance with the DPA and GDPR.