
GDPR - Data Will Never Be The Same

May 25, 2018

Due to what have been called the "advanced requirements of the digital economy", there is an agreed need to upgrade the way in which businesses - and other organisations - collect, store, process, and particularly protect the personal information of customers, clients and consumers.

GDPR is an attempt to harmonise the disparate data privacy and protection policies that exist across all the EU member states. It is a REGULATION - not a Directive - so that means it comes into force immediately and is legally enforceable from 25/5/18.

It applies to ALL BUSINESSES that handle personal data and it applies to ALL EU citizens, wherever they may be, so that even non-EU-based businesses are under the same obligation to protect the data of EU citizens.

There are punitive fines for breaching the regulation - up to 4% of global revenue or €20 million, whichever is greater.

The definition of personal data is now broader, meaning more data comes within the regulatory controls. The rules for obtaining valid consent have also changed - it must now be active, not passive.

The new regulation includes:

  • New rules on data portability
  • Data subjects have the right to be forgotten
  • Appointing a Data Protection Officer (DPO) will become mandatory for some businesses and organisations
  • Processes MUST be built on the principle of “privacy by design”
  • Mandatory data protection impact assessments
  • New rules for data breach reporting

So, make sure that your business is compliant and, as an individual, know that it is YOUR choice as to what and how information about you is acquired, stored and used.
