January 23rd 2018
GDPR in 2018 | How is your business affected?
Find out what the GDPR is, what key changes will take place that you should be aware of and why you should care about it in our #bizfit blog: GDPR in 2018.
WHAT IS THE GDPR?
The General Data Protection Regulation (GDPR) is a regulation created by the EU to strengthen data protection for those living within the EU. It aims to protect EU citizens from the privacy and data breaches that can result from mishandling of personal information. It comes into effect on 25th May 2018 and will affect all EU organisations that handle personal data, whether they are charities or commercial businesses.
WHY SHOULD I CARE?
Because you could face a maximum fine of 4% of your annual global turnover, or £17.7 million (whichever value is greater), if you break the terms of the GDPR. Of course, the maximum fine is reserved for cases where you didn’t follow the GDPR at all and collected and passed around people’s data without their consent. Infringements are graded by severity, with set penalties for each level. Either way, if your current practices would result in fines once the GDPR comes into effect, you’ll want to change them.
WHAT ARE THE MAJOR CHANGES IN THE GDPR?
There are a lot of changes that will come with the GDPR, but here are a few key changes that I think you should definitely be aware of.
In the new legislation, stricter consent gathering stands out and will affect a lot of companies in the UK and the EU. Companies will have to ensure that requests for consent are presented in an easily accessible form and written clearly, so that anyone can understand that the purpose of the form is to request their consent.
In addition, the form should clearly state what the company is going to do with the data gathered and why it is requesting consent in the first place. Withdrawing consent should be as easy and straightforward as giving it.
The GDPR will apply to all companies processing the personal data of people who reside within the EU. It doesn’t matter where the company is located. It applies to any processing of data by both controllers (the business that decides what the data will be used for and how the collected data will be processed) and processors (anyone who processes the personal data on behalf of the controller). It doesn’t matter whether the data processing occurs in the EU or not.
Another big change that relates to territory is that the GDPR will also apply to the processing of personal data of people within the EU by a controller or processor who is not established in the EU, if the processing relates to the offering of goods or services to citizens in the EU or the monitoring of the behaviour of EU citizens. Non-EU businesses that process the data of EU citizens will also need to have a representative in the EU.
If a data breach is likely to result in a risk to the rights and freedoms of individuals, data processors will have to notify their customers and the controllers within 72 hours of identifying the breach.
WHAT ABOUT BREXIT?
The UK will have to follow the GDPR because it comes into effect before the UK leaves the EU. However, the UK government has shed some light on what will happen once the UK leaves the EU and has said that it will implement a GDPR alternative that will probably include similar regulations and penalties.
WHAT SHOULD I DO?
Research the GDPR as much as you can and make sure that you prepare your business’s data processes to comply with it before it comes into effect later this year. Check out the sources I used to write this blog article below, which contain useful information to get your research started.
Sources used in this blog article: