The General Data Protection Regulation (GDPR)
What is the GDPR?
The General Data Protection Regulation (GDPR) is the result of four years of work by the EU to update data protection legislation to suit the way data is now used inside EU member states.
The most up-to-date legislation in the UK relating to data protection is the Data Protection Act 1998. Whilst this was suitable nearly 20 years ago, the way data is processed has changed significantly since then; therefore, updated legislation is required. The GDPR introduces tougher fines for non-compliance and breaches, and gives individuals more say over how companies can use their data. The GDPR also means that data protection rules will be near identical throughout EU member states, which the EU estimates will save businesses a collective €2 billion a year thanks to the less complicated legal environment throughout the single market.
When does the GDPR apply?
The GDPR will apply in all EU member states from 25 May 2018. Whilst it came into force on 24 May 2016, after all parts of the EU agreed to the final text, businesses and organisations have until 25 May 2018 before the law actually applies to them. Organisations based in the United Kingdom will have to comply with the new regulations if they wish to trade with organisations that are within the EU.
How does the GDPR affect Individuals?
As an individual, this new regulation puts you in the driving seat: the GDPR gives you eight rights that are intended to provide total control over what can be done with your data. These are:
- The right to be informed
- The right of access
- The right to rectification
- The right to erasure
- The right to restrict processing
- The right to data portability
- The right to object
- Rights in relation to automated decision making and profiling
How does the GDPR affect businesses?
As a business, if your company holds any personal data covered under the GDPR, you must ensure that the individuals concerned have provided consent for you to process, control and securely store their data, depending on what you are trying to do with it. Failure to comply with the new regulations can result in a fine of up to €20 million or 4% of annual global turnover, whichever is greater.
For the majority of businesses with no current regulation, new procedures and controls will need to be put in place to ensure that your entire business is in compliance with the GDPR at all times. However, if a best-practice model is already followed, or your business is certified to standards such as ISO 27001, the changes may be minimal. A typical GDPR review process covers the following:
- Data Content
- Data Storage Devices
- Compliance, Monitoring and Reporting Tools
- Legislation, Rules and Regulations
- Governance, Organisation and Responsibilities
- Fines and Penalties
For more information on the GDPR and how Raycon can help your business comply with the new regulations, please get in touch via our Contact Page.