GDPR stands for General Data Protection Regulation and refers to the legal framework that protects EU citizens from privacy and data breaches. The changes in this document are set to take place in the UK from 25 May 2018, and are arguably the most significant changes to data privacy that have taken place yet.
And in case you’re wondering – the government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.
While not all of these changes will be new to you, non-compliance will be taken far more seriously than before. And since we’re busy familiarising ourselves with the new regulations, we thought we would share the key changes with you.
WHY DO I NEED TO KNOW ABOUT GDPR?
– Regardless of your company’s location, all companies processing personal data of data subjects residing within the EU will need to comply with the new regulations. Previously, the regulations have been more ambiguous about which territories a business must be located in to be required to comply.
– If your business is in breach of GDPR, you can be fined up to 4% of your annual global turnover or €20 million (whichever is greater).
– Conditions of consent have been strengthened, and the request for consent must be in an easily accessible form and in plain clear language.
– You may be required to notify any breaches in data protection within 72 hours, if you are in a country where a data breach could “result in a risk for the rights and freedoms of individuals.” In addition, you may be required to notify your customers.
– In an effort to increase data transparency and the empowerment of data subjects, subjects can now request confirmation that their data is being used, along with further information on where and how it is being used.
– Data subjects will now have the right to be forgotten, and to have their data permanently erased.
– Subjects will now be able to request their personal data and transfer it to another processor.
– Privacy by design must be implemented, calling for the inclusion of data protection from the onset of the design of systems.
– There will be new internal record-keeping requirements, and some companies will need to appoint a Data Protection Officer.
You may have noticed that many of these regulations have existed in some form previously, so why do you need to stay informed? The regulations now carry legal force, with high penalties if you do not comply. Sloppiness and ignorance are no longer an excuse!
For more information, we suggest you visit: https://ico.org.uk/for-organisations/data-protection-reform/overview-of-the-gdpr/
Fortunately, we have been working on an easy way to stay up to date with GDPR and have a platform that will allow you to capture large amounts of user data, all 100% compliant. If a visitor requests their data, for example, you can provide them with a custom URL within a matter of minutes. If they decide to request that this data be deleted, the system simply has a delete button to remove the data without damaging the rest of your user data.
If you have any enquiries as to how you can make sure your website is up to speed, get in touch!