The General Data Protection Regulation, or GDPR for short, will come into force in May 2018, and any company failing to comply could be fined up to 4% of annual turnover.
What is GDPR?
The EU General Data Protection Regulation replaces the Data Protection Directive 95/46/EC. It was initially designed to unify data privacy laws, but also to improve both EU citizens' data privacy and organisations' approach to data privacy.
The key points
- GDPR applies to everyone: the GDPR applies to any company that processes personal data of EU citizens.
- Valid consent is required: every contact must actively opt in to email communication.
- Consumers have the right to be forgotten: an individual can request removal of their data from your records.
- You need a Data Protection Officer: if you have over 250 employees, a dedicated person must be employed for data control and compliance.
- Maintain proof of compliance: as a company, you are required to maintain records of your data processing activities.
What shall I do now?
- Assign a member of staff to be accountable for GDPR. They need to be tasked with understanding the rules and their implications.
- Understand what personal data is being managed or processed by your organisation. Where is this data being stored, and how is it generated, managed and used?
- Have a clear plan for compliance. The new legislation comes into force on 25th May 2018. Be ready.
So, is GDPR going to be a help or a hindrance? Well, it's certainly going to set the cat amongst the pigeons, that's for sure. But like anything, do it right, do it well and you will succeed, and be the better for it.
Read more about GDPR on the ICO website