EU General Data Protection Regulation, GDPR, is bringing radical changes to how EU citizens’ personal information is handled, forcing businesses to overhaul their data practices and processes.
Initially, two years were given to businesses and other bodies to prepare for the tougher laws, but not a lot of that time is left now. Businesses are finally waking up to the fast-approaching date of compliance and with time quickly ticking away, it’s essential to plan what steps you’re going to take if you want to meet the deadline with the least stress possible.
So here’s what you need to know:
What is EU GDPR?
There has been a massive increase in the amount of data that is being created, processed and stored, and the old rules are no longer fit for purpose. This is why a new data protection framework was adopted in April 2016, bringing in a new set of regulations that will increase the protection of the EU citizens’ data.
This new set of rules known as EU GDPR will replace the current data protection directive and be directly applicable in all member states. There is a much greater emphasis on transparency, governance and citizens’ privacy.
These new rules come into force on 25 May 2018, and they’ll be enforced by the Information Commissioner’s Office in the UK.
Will it have an impact on my company?
Yes. It applies to any person, organisation, and company that handles EU citizens’ personal data.
GDPR has extended the definition of personal data to include online identifies that weren’t covered before. This includes IP address, location data, device IDs, or another piece of information that can help identify an individual. Pseudonymised personal data can also fall within this scope, depending on how difficult it can be to attribute it to a specific person.
Brexit will not change this as many of the businesses will still be accessing, storing and using EU citizens’ information.
What are the fines?
The much higher fines have certainly attracted a lot of buzz and attention. For a breach, you can get fined €20 million or 4% of annual worldwide turnover, whichever is higher.
As an example of the severity of this, if you consider some of the fines that ICO has previously given to companies, they would have been £69m instead of £880k in 2016 (more info here).
But don’t think that GDPR is just about severe penalties. You can show early on to your customers that you care about their rights and privacy by taking the necessary steps towards compliance.
How can you prepare your business for GDPR?
Whilst there already is a lot of information out there, some of the further guidance will be coming out over the next few months.
In the meantime, check out these resources for more in-depth information on GDPR and what you have to do to get ready…
For more info please do not hesitate to get in touch. email@example.com