What is GDPR?
It’s a comprehensive set of rules governing how personal data is collected, processed and stored. It exists to offer greater protection to consumers. If your business collects, stores or processes any form of personal data, then GDPR applies to you.
Why is GDPR being introduced now?
The regulation represents the biggest shakeup to data protection in more than 20 years. If you consider how radically the internet has changed the way we share and use data, it’s astonishing it’s taken this long! GDPR is an EU-led regulation. Despite Brexit, it will apply to all British businesses because the UK will still be a member of the EU when it is implemented in May next year.
What does GDPR mean for my business?
You’ll have to make some important changes to the way in which you deal with personal data in your organisation.
5 key areas are:
Consent
A clear affirmative action, either written or oral, must be given to indicate an individual’s consent for your business to process their data for each purpose.
Right to be forgotten
Customers’ data must not be stored indefinitely, and should be deleted once it is no longer relevant to the original reason for which it was collected.
Rights to access data
If a customer requests a copy of their data, you must provide one without delay, and no later than one month from the request. In addition, the first copy requested must be free of charge.
Breach notification
If you’re faced with a data security breach within your organisation, then you must report it within 72 hours.
Encryption and pseudonymisation
Encryption and pseudonymisation are terms not all of us are familiar with, but they matter under the new regulations, which take cybersecurity up a notch. Personal data must be stored securely. One way to achieve this is encryption and pseudonymisation, so that the personal data can’t be traced to a specific individual without additional information.
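The following is an added illustration of pseudonymisation in the sense used above, not code from the original page or from the ICO: a direct identifier (the e-mail address) is replaced by a keyed HMAC, and the key, held separately, is the "additional information" without which the record cannot be traced back to a person. The customer records and function names are constructed for this example.

```python
import hashlib
import hmac
import secrets
from typing import Optional

# Constructed sample customer records for this example (not real data).
CUSTOMERS = [
    {"id": 1, "email": "Alice@Example.com", "order_total": 120.50},
    {"id": 2, "email": "bob@example.com", "order_total": 42.00},
]


def generate_key() -> bytes:
    """Create the secret that links pseudonyms back to identities.
    This is the 'additional information': keep it separate from the
    pseudonymised data set, under its own access controls."""
    return secrets.token_bytes(32)


def pseudonymise_email(email: str, key: bytes) -> str:
    """Keyed HMAC-SHA256 of a normalised e-mail address.
    Without the key the pseudonym cannot be matched to an address even by
    someone who can guess candidate addresses; a plain, unkeyed hash could."""
    normalised = email.strip().lower().encode("utf-8")
    return hmac.new(key, normalised, hashlib.sha256).hexdigest()


def pseudonymise_records(records: list, key: bytes) -> list:
    """Replace the direct identifier with a pseudonym. The key never
    travels with the output, so this copy can go to analytics or a processor."""
    return [
        {"customer": pseudonymise_email(r["email"], key),
         "order_total": r["order_total"]}
        for r in records
    ]


def re_identify(pseudonym: str, key: bytes, candidates: list) -> Optional[str]:
    """Controlled re-identification (e.g. to honour an access request):
    it needs both the key and the candidate list held by the controller."""
    for email in candidates:
        if hmac.compare_digest(pseudonymise_email(email, key), pseudonym):
            return email
    return None


if __name__ == "__main__":
    key = generate_key()
    shared = pseudonymise_records(CUSTOMERS, key)
    print(shared)  # no e-mail addresses appear in the shared copy
    print(re_identify(shared[0]["customer"], key, [c["email"] for c in CUSTOMERS]))
```

Pseudonymised data is still personal data under the regulation; the technique reduces risk, it does not take the data set out of scope.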
What happens if I don’t comply with GDPR?
Your business will be hit in the wallet for failing to uphold the new data protection standards. Penalties will reach an upper limit of €20 million or 4% of annual global turnover (whichever is higher). On top of that, companies failing to uphold the regulation will face significant PR fallout and reputational damage.
Where can I find more guidance on GDPR compliance?
The Information Commissioner’s Office (ICO) has produced an overview of the GDPR which you can access here.