Oh what a headache. GDPR is finally here. We’ve written a guide to make it easy for you
- 9th April 2018
- Posted by: Mark Dodds
- Category: Security
It’s finally upon us: the new data protection laws are arriving and will change the way every organisation handles customer information.
After over four years of planning, negotiating and more planning, the European Parliament and Council finally came to a decision about how to tackle data protection in this digital age. It’s all coming into force on May 25th, and you need to be sure your business is ready.
Replacing the Data Protection Act of 1998, the General Data Protection Regulation (or GDPR for short) is a huge paper containing 99 articles setting out the rights of individuals and the obligations of organisations. There’s a heavy emphasis on protecting people rather than businesses, and those that don’t comply will face heavy fines.
From your point of view, it’s all about accountability and compliance. The GDPR requires all organisations who handle anyone’s data to have clear policies and regulations in place, clearly state their reasons for collecting it, and make sure it doesn’t end up in the wrong hands.
Any breaches must be reported to the Information Commissioner’s Office within 72 hours, and this information must then be made public. This means that if cyber security isn’t already a major priority for your business, you’ll have to act now to ensure your data is safe.
In a lot of cases, organisations will be required to demonstrate that they have obtained consent to use someone’s data. This can be provided in writing or via a positive opt-in. Organisations that process a lot of sensitive data or undertake regular monitoring will be required to employ a data protection officer.
It’s now going to be much easier for customers to access their data too. Previously, if someone wanted to see a copy of the information an organisation held about them they had to pay a £10 administration fee. That’s now been totally scrapped, so if someone requests that information, by law you have to provide it, free of charge, within a month.
Of course, no regulation is worth the paper it’s written on unless it’s enforceable, so the European Government have brought in a no-nonsense approach to ensuring everyone complies. Organisations will face fines if they don’t process someone’s data in the correct way, experience security breaches or fail to employ data protection officers when appropriate. And we’re not just talking about little fines either. Even small offences could result in fines of up to €10 million, or 2% of your global turnover, whichever is greater. If a breach results in serious damage to a group or individual, we’re looking at fines of up to €20 million or 4% of global turnover.
And no, Britain leaving the EU will not give UK businesses a “Get out of jail free” card. The regulations still apply to all organisations that operate and have customers in the EU. The British government have created our own set of specifics, but then so have all the other countries, and they all fit under the one big GDPR umbrella.
To learn more about what the GDPR means for your business, read our guide. And if in doubt, seek help from the experts. We’ll be more than happy to guide you through the entire process and ensure your business is ready.