GDPR: What do you need to know?

Ross MacKenzie

On 25 May 2018, strict new regulations will come into force that will change the way organisations handle personal data. This overview looks at what it means for your business, what you need to know to stay compliant, and how you can prepare for GDPR in time for next year’s deadline.

What is GDPR?

On 25 May 2018, the General Data Protection Regulation (GDPR) will be introduced, replacing the 1995 Data Protection Directive. It was developed by the EU to update data protection policies and how companies store, secure and manage personal data.

Current legislation was passed before the internet and technology – such as cloud technology – offered companies new ways to exploit data, and the GDPR seeks to address that. The EU says it wants to hand control back to the owner of the data, and improve citizens’ trust in the emerging digital economy.

For example, GDPR introduces the ‘right to be forgotten’, giving a citizen or organisation with a reasonable wish to be deleted from a database the right to have every record relating to them removed without trace. The onus is on the database owner to ensure that they have kept track of relevant interactions to be able to readily comply with such a demand.

GDPR provides EU citizens with control over their personal data through a set of ‘data subject’ rights. This includes the right to:

  • Access readily-available information in plain language about how personal data is used
  • Access personal data
  • Have incorrect personal data deleted or corrected
  • Have personal data rectified and erased in certain circumstances (the ‘right to be forgotten’ – see above)
  • Restrict or object to the processing of personal data
  • Receive a copy of personal data
  • Object to the processing of data for specific uses, such as for marketing or profiling

The EU also aims to give businesses a clearer legal environment in which to operate, harmonizing how data is handled across the EU. It estimates that removing red tape requirements will bring collective cost savings to businesses of around €2.3 billion a year.

What data is covered?

The data could be usernames, location data, bank details, medical records, online identifiers – such as IP address or cookies – or passwords, and with GDPR the definition of sensitive personal data has expanded to include genetic and biometric identity.

The theft of personal or work-related information – whether that’s access details, passwords, or any other customer data – is endemic today; almost 1.4 billion data records were stolen in 2016 alone, an increase of 86 percent compared to the year before.

Who will GDPR affect?

GDPR will affect the whole of the EU Zone, which currently spans 28 member countries and half a billion citizens. However, companies outside these zones will still have to meet the standards if they want to continue using data from customers in the EU.

How will GDPR personally affect my business?

If a consumer requests access to their data, businesses will no longer be able to charge a fee for doing so, and will have 40 days to disclose the information.

And one of the biggest changes UK companies should be aware of is the significantly increased fines for non-compliance, with organisations facing up to four percent of annual global turnover or €20 million, whichever is greater, for a data breach.

In addition, organisations will have 72 hours to disclose a serious data breach to the relevant authority – in the UK that’s the Information Commissioner’s Office (ICO) – as well as to the victim of the breach. The penalty for failing to notify a breach will be up to €10 million, or two percent of revenues.

Therefore, the consequences of any data loss will be financially devastating for any company.

How should I prepare?

Despite the threat of large fines, reports estimate that more than half of businesses won’t be compliant by the end of 2018.

It’s important for any business that hasn’t yet started preparing for GDPR to do so now – and we’re here to help!

We’ve created a GDPR content hub, where you can find links to the most relevant and useful articles and pieces of information generally. We’ve also published our own eBook – GDPR: A Guide for Business.

We’ve also organised a webinar, “Are you ready for GDPR in 10 questions?”, to be hosted by independent GDPR Implementation Consultant Pierre Westphal, on Thursday 22 June, 2.00 PM-2.45 PM.
