It’s vital that businesses and organisations understand the impact of the new General Data Protection Regulation (GDPR) (Regulation (EU) 2016/679). The GDPR will come into effect next month on May 25th, 2018, replacing the data protection directive of 1995 (officially Directive 95/46/EC).
The new GDPR will simplify the regulatory environment for international business by unifying the regulation within the EU and also aims to give control back to citizens over their personal data.
If your firm holds a large amount of confidential or personal data, it carries a correspondingly greater responsibility to keep that data safe, and it must take full accountability for how the data is collected, stored and used. To ensure compliance, it is important to understand how both staff and client data is collected and stored, and who has access to it.
The impact of GDPR
Collecting, storing or otherwise using the personal data of individuals in the EU means that you are subject to the GDPR. Note that the regulation is framed around data subjects who are in the Union, not around citizenship.
GDPR defines parties as either “controllers” or “processors”. A data controller determines the purposes and means of processing (why and how personal data is processed), while a processor processes personal data on the controller’s behalf and under its instructions. As an example, a company that decides to collect its customers’ email addresses is the controller; a cloud provider or outsourced IT firm that stores and handles those addresses for the company is a processor. A company’s own internal IT department is not a separate processor: it acts as part of the controller.
Even if you are based outside the EU, the GDPR still applies whenever you process the personal data of individuals in the EU, in particular when you offer them goods or services or monitor their behaviour.
Being GDPR ready may look quite different from one company to the next, but these three tips apply to all:
- Build a data inventory.
- Ensure you have a documented process for each of the specific ‘Rights of the individual’ under the GDPR.
- Train all your staff on GDPR, information security awareness and phishing awareness.
For more in depth reading you can go to any of the links below:
– The full regulation. It’s 88 pages long and has 99 articles.
– The ICO’s guide to GDPR is essential for both consumers and those working within businesses.
– EU GDPR is the Union’s official website for the regulation. It details all you need to know and has a handy countdown clock for when GDPR will come into force.
– The EU’s Article 29 Working Party (the group of national data protection authorities) is publishing guidelines on data breach notifications, transparency, and subject access requests.