We’re all on countdown getting ready for 25 May 2018 when the General Data Protection Regulation (GDPR) becomes law. Or are we?
It is widely reported only just over half of European companies have a clear understanding of the new legislation. With many reports and whitepapers available to the general public, it appears the understanding of what GDPR is, how it will work and what will happen still remain vague.
Our fear at Topland Communications is that GDPR feels a little like Y2K all over again. Many are jumping on the band wagon, with pop-up new businesses and service solutions from Data Audits to outsourced Data Protection Officer (DPO) role. Others are ignoring what really should be good business practice – look after your data, it really is precious!
An overview of the new European GDPR 2018
- The new GDPR is applicable to all companies worldwide that process personal data of European Union (EU) citizens.
- The GDPR is there to protect Personal Data and is considered as that which can be used to identify an individual. Personal data includes a person’s genetic, mental, cultural, economic or social information.
- A company must be able to prove it has consent to use the personal information it stores and will be the biggest challenge and change in how companies source, collect and retain data. The GDPR requires all organisations collecting personal data to be able to prove clear and affirmative consent to process that data.
- Some companies will need to appoint a Data Protection Office (DPO) under the new GDPR, which may become mandatory for some organisations.
- A company will be required to conduct a Privacy Impact Assessment (PIAs) where privacy breach risks are high to minimise risks to data subjects.
- The GDPR aims to ensure organisations constantly monitor for potential threats and breaches. They will be required to report any breach to the local data protection authority within 72 hours of discovering it.
- The GDPR is expected to introduce very restrictive, enforceable data handling principles for the good of all, such as; data minimisation principle that requires organisations not to hold data for any longer than absolutely necessary, and not to change the use of the data from the purpose for which it was originally collected, while at the same time they must delete any data at the request of the data subject.
- Expanded liability beyond data controllers is expected. Previously only data controllers were considered responsible for data processing activities, but the GDPR extends liability to all organisations that touch personal data.
- The GDPR requires privacy by design.
- The GDPR requires that privacy is included in systems and processes by design.
- Consent: personal data should not be disclosed or shared with third parties without consent from its subject(s).
- Security: once collected, personal data should be kept safe and secure from potential abuse, theft, or loss.
- Disclosure: subjects whose personal data is being collected should be informed as to the party or parties collecting such data.
- Access: subjects should granted access to their personal data and allowed to correct any inaccuracies.
- Accountability: subjects should be able to hold personal data collectors accountable for adhering to all seven of these principles.
Download the Forrester Brief through our partners Mimecast http://info.mimecast.com/gdpr-forrester.html?utm_medium=SEMPPC&utm_source=GooglePPC&utm_campaign=49082670&gclid=Cj0KCQjwi97NBRD1ARIsAPXVWWDMT6WwCvLOZxwt_mgsOe31yS-gNoMdG7aVcQoiMHJ22iyCS25oDU4aAsGYEALw_wcB
Right from the start you should WANT to be compliant. Don’t hide from GDPR or fear a lack of compliance to it book your FREE GDPR review with one of our trained consultants today.