The General Data Protection Regulation (GDPR) is a new binding legislative act to protect personal data and it comes into force on 25th May 2018, a little under a year from now.
Almost every business will have to make some changes to the way it handles customer information, as website cookies and IP addresses, as well as names, postal addresses and email addresses, are all classed as personal data under the act.
GDPR has been introduced to streamline data privacy laws across the European Union, protect citizens’ privacy and empower individuals by granting them ‘the right to be forgotten’.
Failure to comply with the new regulations could result in a fine of up to €20m or 4% of your company’s global annual turnover, not to mention the irreparable damage it could do to your reputation.
GDPR: What do you need to do?
In less than 12 months, every organisation across Europe will be expected to comply with GDPR and many will have to make fundamental changes to the way data is gathered and handled, as well as preparing for an audit that could come at any time.
For now, the most important thing to do is educate yourself and your staff and begin putting new procedures in place where necessary.
Complying with GDPR will mean:
- Reviewing all the ways in which you collect, store and use personal data
- Assessing your current products, services and procedures to ensure they meet the standards set out by GDPR
- Keeping records of all the data and data-related activities within your organisation, and ensuring processing agreements are in place where needed
- Carrying out Privacy Impact Assessments on your systems and products
- Employing a data protection officer (DPO) if applicable in your organisation
- Being aware of your duty to report any data breach to the relevant authority
- Implementing a culture of ‘privacy by design’ and ‘privacy by default’ when developing new products and services
Ultimately, the introduction of GDPR will affect the way every company manages its data. Every organisation must understand, and be prepared to explain, exactly what data it collects, what it is used for and how it is secured.
If you need information about your rights or responsibilities regarding GDPR, please obtain specific legal advice from your solicitor.