GDPR

General Data Protection Regulation

What to expect

Call Our Sales Team

01430 433671

Scope

GDPR will apply to businesses within the EU and also to organisations outside of the EU that process the data of EU residents.

Data Protection Officer

A DPO should be appointed if you are a public authority or body, carry out large scale systematic monitoring of individuals or perform large scale processing of special categories of data.

Single Set of Rules

Each member state will establish a Supervisory Authority (SA), which will be responsible for its own country but will also work with the other SAs.

Data Breaches

GDPR requires the data protection officer to notify the SA "without undue delay" and within 72 hours of any breach of data security.

Privacy by Design

Privacy must be built in to all new projects and initiatives including the requirement for privacy impact assessments (PIAs) to be conducted where specific risks exist to the rights of individuals.

Fines

A four-tier fine system will be put in place for breaches with the highest tier resulting in fines of up to £15.8 million or four percent of global annual turnover (whichever is greater).

Consent

Valid and explicit consent must be given for all data collected and the purpose for its use must be fully explained. Opt-in options must be present for all data collection and consent must be retractable at any time.

Right to Erasure

Also called the 'right to be forgotten', this control gives the data subject the right to require a business to permanently delete all information held about them on any one of a number of grounds.

Responsibility and Accountability

The current annual notice requirements remain in place. Notices must also include the retention time for personal data and contact information for the data controller and the data protection officer.

Data Portability

A data subject shall be able to transfer their personal data from one electronic processing system into another without being prevented from doing so by the data controller.

Top 5 Steps to Being GDPR Compliant

1. Gain top level management buy-in, as change must be driven from the top.

2. Conduct a current state assessment to understand your existing level of compliance.

3. Develop a security incident process and templates for notification of any breaches.

4. Create or update policies and processes for the protection of personal information.

5. Provide training for all employees so they understand their responsibilities for protecting personal data and how to report a breach.
