On 25 May 2018, GDPR came into effect. The European General Data Protection Regulation (GDPR) replaced the 1995 Data Protection Directive and harmonised European data privacy laws to give individuals much more control over how their personal data is used.
In short, GDPR is about the transparency and protection of personal data. If you use personal data in your business, you need to comply with this law.
GDPR and the basics:
1) Individuals are able to freely request access to their personal data.
2) There are hefty fines for companies that are found to be in breach.
3) Organisations that rely on consent to process personal data must obtain clear, affirmative consent from the individuals concerned.
In the case of a personal data breach (personal information being accessed by an unauthorised party, or the loss of personal data), the business or organisation must notify the Information Commissioner's Office (ICO) in the UK within 72 hours of becoming aware of the breach; failure to do so can result in a fine. Parties holding personal data also need to document how that data is stored and used.
For individuals, the previous £10 fee for a Subject Access Request (SAR) has been scrapped, and companies must release the requested data within one month.
Individuals can request that their personal data be erased in some cases: if consent is withdrawn, if the data was processed unlawfully, if there is no overriding legitimate interest in keeping it, or if the data is no longer necessary for the purpose for which it was collected.
In the UK, the ICO enforces this regulation.
GDPR also applies to businesses outside the EU if they offer goods or services to, or monitor the behaviour of, individuals in the EU. As such, these businesses need to comply with GDPR as well.
In summary, the introduction of GDPR has modernised data protection law, creating a safer and more transparent environment for the handling and processing of personal information, with compliance being the key factor. Businesses and organisations have to be more open and accountable, and that is a good thing for everyone concerned.
The main point to take from this article is that any business that holds or processes the personal data of EU individuals needs to understand exactly what it has to do to comply with GDPR. If this applies to you, or you are unsure, please seek professional advice and take the right steps to make your business compliant.
Pearce IT provides GDPR consultancy and support to businesses, so if you haven't yet taken steps to be GDPR compliant, contact us and we'll let you know what needs to be done. As a Microsoft Silver Partner, we only work with UK hosting companies to comply with data protection requirements, and every solution we provide is fully GDPR compliant, for our clients' peace of mind.