What Is GDPR And How Will It Affect Your Business?
You've got until May 2018 to ensure you comply ...
The General Data Protection Regulation (GDPR) replaces the 1995 EU Data Protection Directive and brings data protection across Europe into line with the way people's data is actually used today ...
Businesses must comply with the GDPR by 25th May 2018 or they could face fines of up to 4% of worldwide annual turnover or €20 million, whichever is higher!
You may have heard of the United Kingdom's Data Protection Act 1998, which implemented the earlier EU Data Protection Directive; the GDPR replaces that directive and so supersedes the 1998 Act. It introduces far tougher fines for non-compliance and data breaches and gives people more say over what companies can do with their data.
"It standardises data protection rules throughout the EU!"
Current data protection legislation in EU countries was passed before social media came along, and the GDPR seeks to address that. The EU wants to improve trust in the digital economy by strengthening data protection law and introducing tougher enforcement and penalties.
Additionally, the EU wants to give businesses a clear legal framework to work within, so that data protection law is the same throughout the entire European Single Market. The European Commission also estimates it will save businesses over €2 billion per year.
Because the GDPR is a regulation rather than a directive, it applies directly in the UK without having to be transposed into national law (Parliament may still legislate to supplement it where the regulation allows). It entered into force in May 2016, but organisations and businesses in our country have until 25th May 2018, when the law actually starts to apply.
"It is important that those responsible for data protection plan for the GDPR by next year!"
The primary objective of the GDPR is to give control back to people in the EU over their personal data. This means that organisations must be far more transparent about what data they hold on an individual and could face massive fines for misuse and breaches.
Additionally, the way data is collected changes. Instead of relying on passive acceptance that data is being kept, for example via a sign-up form, the controller must clearly state what data is being collected, why, and for how long it will be kept.
Once the data is no longer needed for that purpose it must be deleted, and the individual has the right to have their data erased on request (the right is not unconditional, but where you rely on consent, withdrawing that consent is enough). The GDPR also applies to non-EU businesses that offer goods or services to, or monitor the behaviour of, people in the EU, so the likes of Google and Facebook also have to comply by 2018.
An example of how the GDPR applies is website forms. If your contact form silently adds a visitor's email address to your mailing list without telling them and obtaining their consent, then you will be in breach of the legislation.
A dedicated subscription form that clearly says what the data will be used for, collects only the data the visitor types into the fields (no hidden data is recorded) and asks for a positive opt-in (no pre-ticked boxes, and the marketing consent not bundled into your terms of service) should be fine, as long as the visitor can withdraw consent and unsubscribe at any time as easily as they signed up, you only use the data the way you said you would, and you don't pass it to anyone else.
Fines can be up to 4% of your worldwide annual turnover or €20 million, whichever is higher (a lower tier of 2% or €10 million applies to lesser infringements). Get it wrong and you could eventually be hit with a massive fine. For example, the recent TalkTalk data breach cost the company £400,000, close to the £500,000 maximum under the Data Protection Act 1998; under the GDPR a fine calculated as a percentage of global turnover would run to tens of millions of pounds instead.
"But Brexit is happening in 2019! Will it still apply to us?"
The GDPR will take effect nearly a year before the United Kingdom leaves the EU, and although the current Conservative Government intends to leave the European Single Market, personal data can only keep flowing from the EU to the UK if the EU judges that UK law gives equivalent protection, so our country will still need data protection rules that match the GDPR across the board.
The Great Repeal Bill intends to carry existing EU law over into British law, so we will most likely keep compatible data protection rules for our own UK citizens, and in any case the GDPR will still apply directly to any UK business that handles the personal data of people in the remaining EU countries.
And remember, the recent WannaCry malware encrypted data and demanded a ransom; had it copied that data out instead, the consequences under the GDPR would have been hugely expensive for many, many businesses. Even as it was, the GDPR's definition of a personal data breach covers data that is destroyed, lost or made inaccessible, not just data that is stolen, so an infection like that would normally have to be reported to the ICO within 72 hours unless it is unlikely to pose a risk to the individuals concerned.
"Would you like to know more?"
If you would like to know more about the GDPR and how it applies to your own business, then do call us on 0333 335 0461 or click here to send over an email and let's see how Virtual IT can help you.
Until next time ...
THE VIRTUAL IT TEAM
Cloud solution experts with over 10 years' experience in the cloud. We offer solution-driven IT services with the highest standard of service and value for money. We are a trusted IT support partner with over 15 years' experience in corporate IT support.
We'll help you make the right choices for your business to stay ahead of the technology curve. We're your IT support department, where you can choose how much you want to outsource to us.