GDPR – Does it really matter?
27th April 2018
Short answer: YES. And now for the longer answer.
In May 2015, the EU outlined its strategy to create a digital single market which would modernise and update the principles of the EU Data Protection Directive 1995 and UK Data Protection Act (DPA) 1998.
The General Data Protection Regulation (GDPR) replaces the 1995 EU directive (Directive 95/46/EC) and was introduced in May 2016, with full enforcement due in May 2018.
The GDPR will put control of data back into the hands of individuals who will be able to request the right to be forgotten and even be able to move their data from one organisation to another.
For data controllers and processors, more stringent and measurable compliance requirements will be enforced with even heavier penalties of between two and four per cent of worldwide turnover.
The introduction of the General Data Protection Regulation (GDPR) will impact most businesses from 25th May 2018.
The objective of the regulation is to bring digital accountability to organisations across Europe.
GDPR places greater emphasis on the documentation and procedures your business has in place. Data controllers will need to demonstrate accountability and easily display how the business gathers information from clients, as well as what they do with it and how they store it.
This means you will need to document what personal data you hold on record, where it came from and who you share it with, along with the legal basis by which you store and process the data.
Policies and Procedures must be robust and communicated to everyone in your company - a simple 'tick a box' exercise will not be sufficient to meet the requirements of the GDPR.
When the EU General Data Protection Regulation (GDPR) is enforced from 25 May 2018, breached organisations will find the fines they face increasing dramatically.
Penalties for a data breach will reach an upper limit of €20 million or 4% of annual global turnover – whichever is higher.
Penalties for a breach of policy will reach an upper limit of €10 million or 2% of annual global turnover – whichever is higher.
For many businesses, the threat of insolvency or even closure as a result of GDPR penalties will soon be very real.
The GDPR presents a perfect opportunity for organisations to understand their key risks and embed privacy driven design principles into business operations.
To find out more about what GDPR means for your business, contact Axiom Cyber Intelligence. t. 0333 355 8553 firstname.lastname@example.org w. www.axiomci.co.uk