What even is GDPR and how will it affect you?
HAVE YOU MADE PLANS TO BECOME GDPR COMPLIANT?
The EU General Data Protection Regulation (GDPR) is the biggest change in data privacy law in 20 years. It affects every organisation that holds or processes the personal data of EU residents, wherever that organisation is based. It is designed to restore transparency, security, accountability and trust between consumers and businesses over the data held about them. Businesses that fail to comply can face fines of up to 4% of their global annual turnover or €20 million, whichever is greater.
So what do you know about it?
Do you have a plan in place, or are you kinda hoping it will all just sort itself out? Worryingly, a recent study showed that 29% of UK businesses are either unaware of this law change or feel completely unprepared for its implementation.
The regulation, when broken down, is fairly standard and no individual requirement is difficult to meet. The challenge is that such an extensive change all comes at once: it will affect every business in Europe, and every business outside it with EU customers, forcing them to rethink how they handle data. The new regulation protects personal data including the following:
• Identity information – name, address, passport number etc
• Web data – IP addresses and cookies
• Health and genetic data
• Racial or ethnic origin and sexual orientation
From 25th May 2018, those who control data in a business must ensure that it is processed lawfully and for a specific purpose. Once there is no longer a requirement for data to be held, it must be deleted. A record must also be kept of how and when individuals gave consent for their data to be held. On the technical side, you need to be able to give end users a copy of their data, free of charge, within a month of their requesting it.
The first major data privacy rules in Europe were established in 1981 (the Council of Europe's Convention 108), developed in response to the growing use of computers to store personal information. The aim was to protect personal privacy while still allowing data to flow between countries. In the UK this was closely followed by the 1984 Data Protection Act, which set out the rules governing the storage and processing of personal data. Given the digital transformation of the past 20 years, this new regulation is long overdue!
One of the most important factors of GDPR is that any company that suffers a personal data breach must notify its supervisory authority (in the UK, the Information Commissioner's Office) within 72 hours of becoming aware of it, and must also tell the affected individuals without undue delay where the breach puts them at high risk. As a result, GDPR will both protect personal data against breaches and raise the level of security across organisations; this matters, as one survey found 76% of businesses suffered an average of four attacks in 2017.
If your company is small, you may be affected more than most, because limited resources make the requirements harder to meet. Make sure to ask for help: there are plenty of technical IT experts who can guide you through the process with minimal disruption.
GDPR is not something to ignore or brush off. For a bit of perspective, last year two men were found guilty of hacking TalkTalk's customer data records. On investigating the breach, Information Commissioner Elizabeth Denham said: "TalkTalk's failure to implement the most basic cyber security measures allowed hackers to penetrate TalkTalk's systems with ease", and as a result the telecoms provider was fined £400,000. With GDPR in place, the same breach could now land TalkTalk with a fine of up to £59 million!
For everything you need to know, check out this article by Wired, which will help you put your mind at ease and get your data organised.
For details on the information we hold on you or how we are organising data through your websites, just email us at firstname.lastname@example.org