What is GDPR?
Are you compliant?
Take our survey today, or contact us at firstname.lastname@example.org if you have any queries about either GDPR or your personal data.
The new regulation expands on the existing privacy protections and adds new requirements for companies that handle personal data originating in the EU. This means companies that were compliant with the Data Protection Directive may not be compliant with the GDPR.
UK organisations handling personal data will still need to comply with the GDPR, regardless of Brexit. The GDPR will come into force before the UK leaves the European Union, and the government has confirmed that the Regulation will apply, a position that has been confirmed by the Information Commissioner.
There are a number of key changes from the current laws to the new GDPR.
- Right To Be Forgotten
Individuals can ask an organisation to erase the personal data it holds on them, and the organisation must do so unless it has a lawful ground to keep the data.
- Removal of Data
Data must be deleted when it is no longer required, or is no longer used, for the purpose for which it was collected.
Individuals are able to claim compensation for damage caused by non-compliance.
Where you rely on consent to hold personal data, that consent must be freely given, specific, informed and unambiguous, and you must be able to demonstrate that it was obtained.
Businesses must report a breach of personal data to the ICO within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the individuals affected. From 25th May 2018, failure to notify within the time frame may result in financial penalties.
What Data Does GDPR Cover?
The new GDPR regulations cover personal data on an individual, including:
- Personal Address
- Contact Names and Numbers
- Email Address
- Racial & Ethnic Origin
- Political Opinion
- Religious Beliefs
- Sexual Orientation
- Physical or Mental Health Information
- Trade Union Membership
- Criminal Record
What Should You Be Doing?
- Appoint a data protection officer – Appoint someone within your business who will take ownership of data protection and ensure you are GDPR compliant.
- Review the data you store – Review all of the personal data you hold, where it is stored and who has access to it. Create an inventory, and review the security processes around it.
- Consult an expert – If, as a business, you feel you don’t have the expertise in-house to confidently and accurately ensure all your data meets the GDPR regulations, consult a data protection and security expert who can review this and make recommendations on your behalf. Focus Group have consultants who can help with this.
- Create a plan – Once you have identified all the data you hold and any possible weaknesses in how it is stored, create a plan to get these resolved. Focus on high-risk issues first. The changes could include rolling out new internal processes, training staff, new legal contracts or changes to your IT setup to protect the data.