18th DEC 2017 •

GDPR 2018 – What Do You Need to Know?

Forget most of what you know about the Data Protection Directive 95/46/EC because it’s been succeeded by the GDPR (EU General Data Protection Regulation). Two years since that momentous day when the EU Parliament decided to unify data protection laws across Europe, the new legislation will come into force on 25/05/2018. At 200 pages long, the regulation is one of the most wide-ranging directives from the EU in recent times.

GDPR will give EU citizens more rights over their personal data – how it is processed, stored and also exchanged with other organisations. The rules are quite stringent and can result in hefty fines for non-compliance. Organisations are also instructed to notify the Information Commissioner’s Office (ICO) in the event of any data breach.

“I don’t care about GDPR, we’re leaving the EU,” I hear you say. That is true. However, the UK government has already given assurances that it will comply with the regulation. Furthermore, the legislation also applies to any organisation handling data belonging to EU citizens – even if they operate from outside the EU.

So, what are the penalties for non-compliance?

They can be pretty severe – the maximum fine could be 4% of global GDP or €20,000,000, whichever is the greater. The important thing to note is that the legislation applies to both controllers and processors meaning ‘cloud’ software also falls under the remit.

There are much clearer guidelines on consent, right to access, right to be forgotten, data portability, privacy by design and data protection officers. Some organisations will also be required to employ a DPO (Data Protection Officer) – namely public authorities, those that partake in large-scale monitoring and those that engage in large-scale processing of sensitive personal data.

There’s no need to hit the GDPR panic button just yet. See it as an opportunity to review your data policies. The problem with many companies is the use of disparate systems, which means data is often held in multiple locations. This can lead to the true amount of data held being unknown or difficult to determine.

Perhaps the introduction of GDPR could also be an ideal opportunity to review your internal systems? If you would like to know more contact us @Elevate2.


Back to news

Historically, privacy was almost implicit, because it was hard to find and gather information. But in the digital world, whether it's digital cameras or satellites or just what you click on, we need to have more explicit rules - not just for governments but for private companies - Bill Gates

listen . transform . together

Find out how your company could benefit from our proven experience and commitment towards creating positive change. We’re great listeners and firmly believe that business and system transformation should be a collaborative process between ourselves and our clients. We can assist you through the full life cycle; from choosing the right software solutions, through to implementation and support.

 

WANT TO KNOW MORE?

Get in touch and we’ll talk you through the rest.


I understand and accept the terms and privacy policy
I agree to receive other communications from Elevate2