GDPR stands for General Data Protection Regulation. It was introduced to bring data protection in line with modern technologies and new ways of transferring data that did not exist in 1998, when the Data Protection Act was introduced. It also brings greater financial penalties for misusing or mishandling data.
The thinking behind the development of GDPR over the last 4 years is to give people more control over, and access to, their personal data, and to require businesses to be more transparent about how they use and store it. It also aims to make data protection laws consistent across the single market, which is expected to collectively save businesses over £1.5 billion.
When did GDPR come into force?
Technically GDPR has been in play since all EU member states agreed to the text back in 2016, but the law has applied to businesses and organisations across the EU since 25th May 2018.
What does GDPR mean for my organisation?
GDPR applies to every business and organisation across the EU. It means you need to review and modify the processes you have for collecting and storing data to make sure you are complying with the new rules.
You will have an obligation to erase data in response to an individual exercising their ‘right to be forgotten’, which is a withdrawal of their consent to you storing or using their data. The data must be given freely, and not as a result of the user being unable to access your services.
You must obtain explicit consent
You must allow individuals to see their own data by releasing a copy of any data you hold about them in a commonly readable format, e.g. a .csv spreadsheet file.
You will have 72 hours to notify the Information Commissioner’s Office about serious data breaches and any individual whose fundamental rights have been affected as a result.
What about Brexit? Should I continue to bother about GDPR if we’re leaving the EU?
Brexit isn’t an excuse to dismiss GDPR. Article 50 has been triggered for the UK to leave the EU, but the Government has indicated that it will implement GDPR fully once we’ve left. This will be a condition of trade with the EU, meaning the new regulations will have to be adhered to long after we’re no longer a member.
We're already up-to-speed with GDPR, what now?
GDPR requires a change in thinking: if you take steps to become compliant and then never revisit them, the chances are that you won't stay compliant for very long. Businesses need to actively make sure their policies are up-to-date, new staff members are trained in data protection processes, and potential breaches are continually logged.
If this sounds a bit daunting, we've put together a free guide: 8 ways to keep GDPR compliant.