The General Data Protection Regulation (GDPR) is the new legislation that brings data security in line with the ways data is now used. The UK currently relies on the Data Protection Act from 1998, which will be replaced in May 2018. The GDPR introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data.
Why is this important?
The GDPR will apply to any organization that processes, collects or uses personal data relating to EU subjects, so most companies will be affected. As long as your company is compliant with the new guidelines and demonstrates that good data protection is an integral part of your business, it shouldn’t be an issue. Getting this wrong, however, can damage your reputation and could see legal action being taken against you. Be prepared!
What if a company doesn’t comply?
Data controllers and data processors will face consequences if they don’t comply with the European rules. Depending on the infringed provision of the GDPR, fines may reach a maximum of 20 million euros or 4% of the controller’s global annual turnover. Both controllers and processors can face joint liability for any damages.
What is personal data?
Someone’s personal data is any information about that person, such as a name, an identification number, location data, an online identifier or social identity. Big organizations should take measures to make sure that they do not store any information for longer than absolutely necessary.
What are the requirements?
- Companies are required to implement reasonable data protection measures to protect their customers’ privacy and personal data in the case of any data loss or breaches.
- Appropriate security of data should be put in place to guard against unauthorised or unlawful processing, damage to the data or accidental loss.
- Personal data should always be kept up to date and stored accurately.
- Data should be kept limited to what is necessary in relation to the purposes for which it is collected.
- Data should always be processed lawfully and fairly in the correct manner.
If you would like to speak to one of our experts for more information about GDPR (General Data Protection Regulation) then please contact us via email or phone 01329 888444.