The General Data Protection Regulation (GDPR) comes into force on 25 May 2018 and is the biggest change to Data Protection Laws in 20 years.
The GDPR introduces concepts and requirements that better reflect the data processing that is carried out in an increasingly digital world.
GDPR sets a higher standard for consent. Genuine consent will put individuals in charge, build customer trust and engagement, and enhance your reputation!
The new rules strengthen the rights and protections of individuals.
More data is being collected than ever before. Individuals are increasingly conscious of privacy issues. The GDPR requires organisations to be more transparent, providing individuals with greater rights to hold organisations to account.
Data Protection Act 1998
Breach reporting is voluntary but recommended by the Information Commissioner’s Office (ICO).
Fines of up to £500,000
There is no obligation on organisations to appoint a designated individual who is responsible for data protection.
Information must be given to the individual in relation to the processing of their data.
New GDPR as of May 2018
Data breaches must be reported by the controller to the data protection authority (ICO in the UK) within 72 hours. Processors are obliged to report their breaches to controllers.
Fines of up to €20 million or 4% of global group turnover, whichever is higher.
Public bodies and organisations monitoring individuals or processing special kinds of data on a large scale will all have to appoint a Data Protection Officer.
Far more detailed information must be provided to the individual. Exactly what information needs to be provided depends on why the organisation is processing that data.
To prepare for the new EU GDPR, your organisation will need a clear understanding of its current compliance position. An important first step is to gain clarity on your personal data processing.
Solutions we offer:
• GDPR Quickstart Assessment Workshop to establish key GDPR gaps
• GDPR Executive Briefing – GDPR awareness and risks
• Privacy Impact Assessment – Assessments of privacy risk across new systems or projects
• Training for new Data Protection Officers