What is GDPR?
General Data Protection Regulation, or GDPR, will overhaul how businesses process and handle data.
This regulation is the biggest change in two decades and will come into force on May 25th 2018. It will change how businesses and public sector organisations can handle information of customers.
The GDPR is Europe’s new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon.
How does it affect me?
If your company either controls or processes personal data you will be affected by the new regulations. If you are subject to the Data Protection Act, you will also be subject to the GDPR.
Personal data broadly means a piece of information that can be used to identify a person, name, address, IP address, the list is endless.
In the full text of GDPR there are 99 articles that set out the rights of individuals and the obligations companies have. These include allowing people to have easier access to data that companies hold about them, new fines and a clear responsibility for organisations to obtain consent from people they collect information about.
From a company perspective you will be more accountable for the handling of people’s information. This includes having data protection policies, impact assessments and relevant documents on how you process data.
The Information Commissioner’s Office (ICO) has to be told about any data breach 72 hours after you find out about it, as do all people it has affected.
What do I need to do?
GDPR will vary from business to business, To help prepare for the start of GDPR, the ICO has produced a 12-step guide which we recommend you read.
The guide, covers steps from making senior business leaders aware of the regulations, working out which information is held, updating your procedures and what happens in the case of a data breach.
If you are unsure about your obligations under the new regulations, our advice is to seek out professional legal advice to safe guard your company.
It is your responsibility to ensure your company is ready for GDPR, For existing clients Cortec can implement technical solutions and advice that will help you reach compliance. If you would like to book a consultation slot with us please email: firstname.lastname@example.org.