GDPR will give EU citizens more rights over their personal data: how it is processed, stored and exchanged with other organisations. The rules are stringent and non-compliance can result in hefty fines. Organisations must also notify the Information Commissioner's Office (ICO) of a personal data breach, normally within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the individuals affected.
"I don't care about GDPR, we're leaving the EU," I hear you say. That is true. However, the UK government has already given assurances that it will comply with the regulation. Furthermore, the legislation applies to any organisation that processes the personal data of individuals in the EU, wherever that organisation is based, so operating from outside the EU does not take you out of scope.
So, what are the penalties for non-compliance?
They can be severe: the maximum fine is 4% of annual worldwide turnover or €20,000,000, whichever is the greater. The important thing to note is that the legislation applies to both controllers and processors, so cloud software and service providers that process data on your behalf also fall under its remit, and your contracts with them need to reflect that.
There are much clearer rules on consent, the right of access, the right to be forgotten, data portability, privacy by design and data protection officers. Some organisations will also be required to appoint a DPO (Data Protection Officer): namely public authorities, those whose core activities involve large-scale monitoring of individuals and those that engage in large-scale processing of sensitive personal data.
There's no need to hit the GDPR panic button just yet. See it as an opportunity to review your data policies. A common problem is the use of disparate systems, which means personal data is often held in multiple locations. The true amount of data held is then unknown or difficult to determine, and an organisation that cannot locate all of an individual's data cannot fully honour an access or erasure request either.
Perhaps the introduction of GDPR is also an ideal opportunity to review your internal systems. If you would like to know more, contact us @Elevate2.