What is GDPR and what does it mean for you?

As Europe’s existing data protection legislation is no longer fit for purpose, GDPR (General Data Protection Regulation) is to be enforced throughout the European Union (EU) as of May 25, 2018, bringing with it larger fines, more freedom for individuals and significant changes in how personal data is handled, alongside unified data protection rules throughout the EU.

Organisations across the globe will be affected by these new regulations, as organisations doing business within the EU, or any organisation outside the EU handling EU citizens’ data will be expected to comply with the GDPR.

What will GDPR change?

• The GDPR will transform how businesses handle consumer data across the world – here are the main changes:
• Data is obtained and kept only as long as necessary.
• Privacy policies will be more transparent bringing with it tighter rules and larger fines for businesses who do not comply.
• Parental consent is necessary for processing personal data of children under the age of 16.
• In order to process private data, businesses require clear written consent on consent documents.
• Data Protection officers (DPO) may need to be appointed to businesses that focus on processing or controlling data.
• Businesses must report data breaches and inform those affected by the breach within 72 hours.
• Data subjects can now request that their data be deleted or ‘forgotten’, so long as the data had served its intended purpose.
• Businesses will need to document their data responsibilities even more clearly.
• Data can now be requested by users in a format that is accessible to them and other processing systems.
• The GDPR will be used throughout the EU – meaning unified data regulation and easier business

A few tips on how to comply

• Assign someone who is responsible for each type of data you control, to ensure regulation is followed.
• Treat data as an asset and manage it in a structured and logical way, to keep track of it.
• Ensure you know where data is kept at all times, ensuring data is highly secure.
• Use proven, industry standard technologies to secure your data.
• Ensure everyone within your business is informed about changes to policy and develop a security conscious culture.
• Develop a contingency plan for when things go wrong.
• Develop robust procedures and processes to notify those affected by data breaches quickly.
• Design an incident response plan.

The repercussions for non-compliance

if an organisation has a blatant disregard to comply with the new regulations, penalties can reach an upper limit of €20 million or 4% of annual global turnover – whichever is highest; although it’s very rare that a company will receive the maximum fine. The average cost of a data breach is €3.5 million, which is still a sizeable fine especially when compared to the existing fines that are capped at £500,000.

Who will be affected?

It’s important to understand that whether you are a sole trader, charity, medium sized business or a global enterprise, these regulations will still apply to you, so long as processing or storing data of EU Citizens is integral to your business or do business in the European Union.

Things such as HR records, CCTV footage, company phones and customer data are all covered by GDPR, so it is highly likely that these regulations will affect your business in some way.

How does Brexit effect the GDPR?

Brexit will not affect the GDPR, as not only will GDPR come into full effect before the UK has fully left the EU, businesses that handle EU citizens data or operate within the EU must abide by new regulation. This therefore means that even after we have departed from the EU, businesses that process data of EU residents must abide by these rules. Additionally, for companies that have offices in the EU – GDPR will still apply.