The GDPR: How it Affects YOUR Business...
Four years of debate have led to the ratification of the General Data Protection Regulation (GDPR) by the EU and this has now become part of the law. Half of global companies have said that they will struggle to meet the rules that have been set out by the GDPR unless they make ‘significant changes’ to how they operate; many of these companies may appoint a Data Protection Officer to make sure the new legislation is complied with.
The GDPR has been designed to give individuals enhanced control over their personal data. It also establishes a single set of rules regarding data protection that will apply right across Europe; organisations from outside of the EU will be subject to the regulation if they collect data that concerns any EU citizen.
‘Personal data’ is defined in the GDPR as ‘any information relating to an identified or identifiable natural person’. This includes online identifiers such as cookies and IP addresses, if these are capable of being linked back to the data subject. It also includes ‘indirect’ information, which can include a whole array of identities from physical and genetic to social, cultural and economic. It makes no difference if the data concerns public or private matters; all are covered by the GDPR.
There is likely to be a substantial increase in fines for any organisation that does not comply with the GDPR. Violations in record keeping and security, as well as breach notifications, will attract penalties of up to ten million euros or 2% of global gross turnover, whichever is the greater. Cross-border data transfers, data subject right violations and lack of consent issues may see these penalties doubled.
Organisations that collect personal data must provide safeguards, including:
- Encryption and pseudonymisation of data
- Complete confidentiality and integrity of systems, as well as availability and resilience
- Timely restoration of access to data following any technical incidents
- The introduction of processes to regularly test and assess the effectiveness of these and other safeguards

There is a lot to take in with regard to the new GDPR, and companies have been given a 2-year window to implement any necessary changes. So what does this mean for YOUR company?
Experts at Brick are currently devising a workshop that will tell you all you need to know about the GDPR and how it will affect your business. Details will be available soon but you can book your place NOW by getting in touch with us.