GDPR is Coming... are you ready?
10th April 2017
The introduction of the General Data Protection Regulation (GDPR) will impact most businesses from 25th May 2018.
The objective of the regulation is to bring digital accountability to organisations across Europe.
When introduced, businesses will have 12 months to become compliant. After this period, substantial fines will be introduced as penalties for organisations who fail to meet the obligations of this legislation.
Despite Brexit, this legislation will affect UK businesses, as the UK will still be part of the EU at the time the legislation comes into force. Once the UK leaves the EU, compliance will still be necessary to trade with companies within EU member states.
Increased penalties under the GDPR
When the EU General Data Protection Regulation (GDPR) is enforced from 25 May 2018, breached organisations will find the fines they face increasing dramatically.
Penalties for a data breach will reach an upper limit of €20 million or 4% of annual global turnover – whichever is higher.
Penalties for a breach of policy will reach an upper limit of €10 million or 2% of annual global turnover – whichever is higher.
For many businesses, the threat of insolvency or even closure as a result of GDPR penalties will soon be very real.
Some key themes:
Overall, the scope of GDPR is greater than that of the Data Protection Act, and it is easier to define the point when a breach occurs. More responsibility is placed on the data controller and the processor of data, and full control is firmly with the owner of the data.
Protecting Personal Information
The scope of GDPR is set to ensure that all personal information is processed lawfully, fairly and in a transparent manner in relation to individuals; it will only be collected for specified, explicit and legitimate purposes and not further processed in a manner that is incompatible with those purposes.
Data on Loan
To understand the principles behind GDPR, you need to consider that any data that you hold has been loaned to you by the owner, and they are in control of who has it and what they do with it. Consent must be freely given for the use of any personal data, and the purpose of that use must be made clear.
- You need clear, explicit consent
- People have to OPT IN, rather than consent being assumed unless they opt out
Would you like a coffee?
Let us arrange for a GDPR practitioner to visit you, discuss the GDPR requirements with you and advise on the most appropriate resolution to bring you to a level of compliance.