GDPR – General Data Protection Regulation
It’s been in preparation for 4 years and on the 24th of May 2018, it will be enforced. The GDPR’s aim is to harmonise existing data privacy across Europe. But what is GDPR and how will it effect companies?
The Data Protection Act already is already in place from 1998 and controls how your personal information is used by organisations, businesses and/or the government. The responsibility when using sensitive data means following strict rules called ‘data protection principles’. All information must be used fairly and lawfully.
Organisations, businesses and companies are supposed to be following strict data protection legislation already, why is there a need for a General Data Protection Regulation?
Yes, data protection legislation have already been in place for some time. However from May 2018, all ‘controllers and processors’ of data will need to create a report on how they handle sensitive information. Who will have access to the data and what proceedures are in place to protect this information from external forces. In other words, it is proving that these proceedures are being adhered to.
Conditions to consent have also been strengthened. There is an emphasise on clear and consise language used with the terms and conditions. It also must be easy to withdraw consent (as easy as it is to give consent). Also the scope of what constitutes personal data will also be expanded to include IP addresses, DNA and internet cookies.
Consequences of non-compliance and who will enforce it?
The consequences of non – compliance of the GDPR are heavy fines. It will be a tiered system with the maximum fine set at £20 million or 4% of annual global turnover. All previous data protection must be adhered to, but companies or organisations must conform for these new regulations.
For more information please see: https://www.eugdpr.org/