On 25 May 2018, the General Data Protection Regulation (GDPR) will come into force – a game-changer for the way organisations store and manage personal data.
The GDPR is an EU directive securing the privacy rights of EU citizens, but organisations in countries outside the EU will nevertheless have to meet its data management standards to be able to use data from customers residing in the EU, whether they are trading goods or services. This will include organisations in the UK after the country’s exit from the EU, and the UK has committed to fully enacting GDPR from May 2018.
What is GDPR?
The purpose of the regulation is to transfer control of personal data to the owner of the data. The definition of personal data encompasses, for example, usernames, location information, and online identifiers such as IP address, cookies, or passwords, and GDPR extends the interpretation of sensitive personal data to include genetic and biometric identity.
GDPR: main points
‘Data subject’ rights
GDPR provides EU citizens with control over their personal data through a set of ‘data subject’ rights, including the right to:
Michael Frisby, Cobweb MD, says, “Organisations that breach the GDPR directive will face fines of up to 4% of annual global turnover or €20 million, whichever is greater. The consequences of non-compliance could, therefore, be financially devastating for a business – particularly for SMBs.
“The directive will mean significant change to the way organisations manage and process personal data, but there’s no need to panic! There’s still time to implement the necessary requirements.
“It is important, though, for those businesses that have not already done so, to begin planning for the changes now.
“We’ve created an eBook, GDPR: A Guide for Business, to provide a detailed look at the areas which need to be addressed, and we’ll continue to post information and guidance over the coming months, as well as running webinars to help businesses meet the new requirements.”