GDPR: What do you need to know?

Ross MacKenzie
Tags: GDPR

On 25 May 2018, strict new regulations will come into force that will change the way organisations handle personal data. This overview looks at what it means for your business, at what you need to know to stay compliant, and how you can prepare for GDPR in time for next year’s deadline.

What is GDPR?

On 25 May 2018, the General Data Protection Regulation (GDPR) comes into force, replacing the 1995 Data Protection Directive. It was developed by the EU to update data protection policy and to govern how companies store, secure and manage personal data.

Current legislation was passed before the internet and technology – such as cloud technology – offered companies new ways to exploit data, and the GDPR seeks to address that. The EU says it wants to hand control back to the owner of the data, and improve citizens’ trust in the emerging digital economy.

For example, GDPR introduces the ‘right to be forgotten’: a citizen or organisation with a reasonable wish to be deleted from a database has the right to have every record relating to them removed without trace. The onus is on the database owner to have kept track of the relevant interactions so that it can readily comply with such a demand.

GDPR provides EU citizens with control over their personal data through a set of ‘data subject’ rights. These include the right to:

  • Access readily available information, in plain language, about how personal data is used
  • Access personal data
  • Have incorrect personal data deleted or corrected
  • Have personal data rectified and erased in certain circumstances (the ‘right to be forgotten’ – see above)
  • Restrict or object to the processing of personal data
  • Receive a copy of personal data
  • Object to the processing of data for specific uses, such as marketing or profiling

The EU also aims to give businesses a clearer legal environment in which to operate, harmonising how data is handled across the EU. It estimates that removing red-tape requirements will bring collective cost savings to businesses of around €2.3 billion a year.

What data is covered?

Personal data could be usernames, location data, bank details, medical records, online identifiers – such as IP addresses or cookies – or passwords, and under GDPR the definition of sensitive personal data has expanded to include genetic and biometric data.

The theft of personal or work-related information – whether that’s access details, passwords, or any other customer data – is endemic today; almost 1.4 billion data records were stolen in 2016 alone, an increase of 86 percent compared to the year before.

Who will GDPR affect?

GDPR will affect the whole of the EU, which currently spans 28 member countries and half a billion citizens. However, companies outside the EU will still have to meet its standards if they want to continue using data from customers in the EU.

How will GDPR personally affect my business?

If a consumer requests access to their data, businesses will no longer be able to charge a fee for doing so, and will have 40 days to disclose the information.

One of the biggest changes UK companies should be aware of is the significantly increased fines for non-compliance, with organisations facing up to four percent of annual global turnover or €20 million, whichever is greater, for a data breach.

In addition, organisations will have 72 hours to disclose a serious data breach to the relevant authority – in the UK that’s the Information Commissioner’s Office (ICO) – as well as to the victim of the breach. The penalty for failing to notify a breach will be up to €10 million, or two percent of revenues.

Therefore, the consequences of any data loss will be financially devastating for any company.

How should I prepare?

Despite the threat of large fines, reports estimate that more than half of businesses won’t be compliant by the end of 2018.

It’s important for any business that hasn’t yet started preparing for GDPR to do so now – and we’re here to help!

We’ve created a GDPR content hub, where you can find links to the most relevant and useful articles and resources. We’ve also published our own eBook, GDPR: A Guide for Business.

We’ve also organised a webinar, Are you ready for GDPR in 10 questions?, hosted by independent GDPR Implementation Consultant Pierre Westphal, on Thursday 22 June, 2.00 PM–2.45 PM.
