New GDPR regulation set to impact all businesses
3rd October 2017
So, what is GDPR and what do I need to know about it?
The General Data Protection Regulation (GDPR), which comes into force on 25th May 2018, will affect ANY business that processes personal data on European citizens and residents. Even after Brexit!
Essentially, it provides one set of clear rules on data protection fit for the digital age, giving individuals greater control over their personal information. It will also make the law easier to enforce, as it standardises data protection rules across the EU.
GDPR also applies to any company that offers goods or services to, or monitors the behaviour of, EU residents, which in practice means any company that processes customers’ personal data such as contact details.
What is actually changing?
- Non-EU businesses will have to comply
- The definition of personal data is broader
- A lawful basis, such as consent, will be necessary to process personal data
- Rules for obtaining consent are changing
- Mandatory appointment of a DPO (Data Protection Officer) for certain companies and activities
- Mandatory assessments have been introduced
- New notification standards for breaches
- The right for Data Subjects to be “forgotten”
- New restrictions on international data transfers
- Data processors share responsibility for protecting personal data
- New requirement for data portability
- Data processes must be built on the principle of “privacy by design”
How could this affect my business?
Fines for non-compliance (depending on the infraction) of up to 4% of annual worldwide turnover or €20 million, whichever is higher, for the most serious breaches, and up to 2% of turnover or €10 million for other infringements, mean this will need to be taken very seriously indeed.
Getting your business ready before the start date in 2018 is essential to make sure your systems are robust and you are beyond reproach.
Brexit makes no difference, as GDPR will come into force before the UK leaves the EU. The government and the Information Commissioner have confirmed this position.
What do I need to do?
- Create an inventory of the personal data held and shared by your organisation
- Develop a data flow map of your processes
- Conduct a GDPR gap analysis showing your current position, and a remediation plan for any gaps identified
- Assess the risks in your processes (Data Protection Impact Assessments, or DPIAs) and implement a remediation plan to mitigate those risks
- Create a governance structure for the management of personal data that you can use to demonstrate you comply with GDPR
OK, how should I do it and who can help me?
This may all sound scary, and a minefield for your business, but you’re not alone!
The team at Core has many years’ experience in the application of data protection systems and processes, which includes:
- Legal and Governance frameworks
- Data Flow Mapping, Gap Analysis and Impact Assessments
- Policies and Procedures to ISO standards
- Information Security
- Incident Management
- Compliance Frameworks and documentation (ISMS and PIMS)
- Project Management
- Data Protection Officer role
Core are here to help and can take the headache out of GDPR, ensuring you comply with the new regulations. We will help you through every step of the process.
Call us now on +44 (0)1695 732543 and see how we can help protect your data, your business, your employees and your assets or email firstname.lastname@example.org