On 25th May 2018, the Data Protection Directive will be replaced by the EU's General Data Protection Regulation (GDPR).
Although the UK is in the midst of Brexit, these regulations are likely to be carried over into British law, and with that in mind organisations need to make sure their data protection policies are up to date.
The aim of GDPR is to strengthen and unify data protection for all individuals within the European Union (EU).
It requires significant changes to the processes used for handling and managing personal data in order to comply with the new law.
Who does it affect?
The new data protection regulation, like the current Data Protection Directive, affects all industries and organisations that process personal data. It applies to both the public and private sectors.
What are the penalties?
In the event of a compliance breach, supervisory authorities can impose fines of up to 4% of an organisation's worldwide annual turnover or €20 million, whichever is higher.
What happens if I have a breach?
A personal data breach must be reported to the supervisory authority (in the UK, the ICO) within 72 hours of the organisation becoming aware of it, unless the breach is unlikely to result in a risk to individuals. Where the breach is likely to result in a high risk to the individuals concerned, they must also be informed without undue delay. Internally, the breach and the decisions taken about it should be documented so that the organisation can show the regulator how it responded.
What type of data does the GDPR apply to?
GDPR applies to anyone who holds, processes, manages or otherwise deals with other people's personal or sensitive data.
Personal data: any information relating to an identifiable individual. If you can identify a living person from the data you are processing or obtaining, then GDPR applies to you. This can include CCTV images, photographs, database records, names, addresses and email addresses.
Sensitive data (the "special categories" of personal data): data revealing someone's racial or ethnic origin, religious or philosophical beliefs, political opinions, trade union membership, genetic or biometric data, health, or sex life or sexual orientation. Data about criminal convictions, court proceedings and sentences is treated separately but is subject to similar restrictions.
Data privacy is an important issue for organisations that process or control personal data in the EU.
Awareness of it is steadily increasing, and it raises all kinds of questions about the consequences for your organisation, particularly when we see incidents involving data breaches that expose millions of records to criminal activity.
At the most basic level, organisations need to know whether they have the right cyber security tools and processes in place to prevent the loss or theft of their customers' data.
More information on the GDPR and what you have to do can be found on the Information Commissioner's Office (ICO) website.
As part of the changes to the data protection regulations coming into force this month, I would like to assure you that I fully comply with the regulations and, as such, you can read my full data protection and privacy document.
View the document here: https://www.nikkiyoung.co.uk/wp-content/uploads/2018/05/NICOLA-YOUNG-Data-Security-Confidential-Information-Policy-April-2018.pdf
Sales made via this website are processed using PayPal, whose data protection and privacy policy is available to view here.