May 25 2017
What is GDPR?
The EU General Data Protection Regulation (GDPR) is a new legal framework to be introduced in all EU member states from 25 May 2018 to create a harmonised data protection framework.
Why has it been introduced?
Current legislation, including the UK’s Data Protection Act 1998, was put into force before online services and cloud technology were widely used, so key points about protecting people’s data were not covered.
GDPR will give individuals more control over the use of their personal data and clearer guidance to organisations on how people’s data can and should – and should not – be used.
It also explains what ‘personal data’ means: this can be ‘any information relating to an individual, whether it relates to his or her private, professional or public life,’ including names, contact details, IP addresses, social media accounts, medical information and bank details.
Who does it affect?
The GDPR broadly applies to SMEs in the same way as larger organisations, with some small exceptions, so it is important to understand the scope and implications of what is required.
GDPR is also applicable to people or organisations outside of the EU offering services or products to, or recording data of, people living within the EU.
What should I do?
All organisations must make sure that personal data is processed lawfully, transparently and for a specific purpose. There are several practical steps that organisations can take now:
What if I don’t comply?
If organisations breach the regulation, they will face huge fines: up to €20 million or 4% of their global annual turnover, whichever is higher…
What about Brexit?
As it applies equally to organisations around the world storing data about people living in the EU, organisations with interests in EU member states will have to comply with the regulations…