Data protection is changing. Fines of €10mil or 2% of global turnover, whichever is higher, will be issued to any company found to be in breach of GDPR.
What is GDPR?
The new regulation known as the General Data Protection Regulation (GDPR) has already come into force but the first fines won’t be issued until after the 25th May 2018 implementation date. This opens a giant can of worms for many organisations.
Under new regulations:
- There is one regulation for all of Europe & the rest of the world
- No fees or registration required – everyone is automatically included
- For the first time data privacy has been aligned with security
According to the regulation, fines can be avoided based upon ‘reasonable effort to comply with legislation.’ This isn’t clearly defined but experts believe it could include evidence such as: an internal audit against GDPR with plans made to bridge any gaps.
So what do you need to know?
5 Crucial GDPR facts
- Consent must be “freely given, specific, informed…by a statement or by a clear affirmative action” – this applies to all your email lists and consent must be given annually.
- All processes need to be transparent for those from whom data is collected.
- There’s a new expectation to aim for data minimisation and avoid data retention anywhere it is not crucial.
- The regulations clearly communicate the right for people to access data stored on them and request that it is erased at their will.
- Data Security is expected. All data should be stored securely using a method such as encryption. You can find tips for Cybersecurity on our blog.
For more tips and a great compliance checking tool visit CyNation, a Civ Tech firm who are leading the way in getting Britain ready for the changes.