General Data Protection Regulation (GDPR) – The Basics

This is the first in a series of blog posts to help you navigate and prepare for the new legislation. It introduces what the GDPR is and the key facts you need to be aware of.

What is GDPR?

The General Data Protection Regulation (GDPR) is an EU regulation intended to protect the personal data of individuals in the European Union. It was adopted by the Council of the European Union, the European Parliament and the European Commission to give people greater control over their personal data, replacing the 1995 Data Protection Directive (95/46/EC).

After several years of drafting and debate, the regulation was approved by the European Parliament on April 14, 2016. The EU allowed a two-year transition period for organisations to reach compliance. From May 25, 2018, the regulation applies directly in every member state, and organisations that fail to meet its requirements face fines of up to €20 million or 4% of worldwide annual turnover, whichever is higher.

Will I be Affected by GDPR?

The GDPR has far-reaching implications for individuals in the European Union and for organisations that process their personal data, regardless of where those organisations are physically located. It applies to any organisation established in the EU, and also to organisations outside the EU that offer goods or services to people in the EU or monitor their behaviour. Such organisations are subject to the GDPR's obligations and penalties even if they hold no office in the EU.

Some UK companies and organisations assume the GDPR does not apply to them because of the Brexit referendum vote. That is not the case. The GDPR takes effect before the UK leaves the EU, and the UK government has confirmed it will implement the regulation in full through the Data Protection Act 2018. Which pieces of EU legislation the UK retains in the longer term will be negotiated as part of Brexit.

Ultimately, some elements of the GDPR may change in the UK over time, but for now companies should act as if the GDPR applies to them in full. This is especially true for UK companies that operate across multiple EU countries, or that offer goods or services to people in the EU, since the regulation applies to them directly regardless of UK domestic law.

What Sort of Data Will Fall Under the GDPR?

The regulation covers any information relating to an identified or identifiable natural person, that is, anything that identifies you directly or can be combined with other information to identify you. Where processing relies on consent and concerns online services offered directly to a child, consent must be given or authorised by a parent or guardian for children under 16 (member states may lower this age to no less than 13).

Examples of types of data:

  • Name
  • Photo
  • Email address
  • Social media posts
  • Personal medical information
  • IP addresses
  • Bank details

The new regulation clearly acknowledges that people now generate far more personal and sensitive data than ever before. Managing data at this scale is risky for organisations that do not plan an appropriate strategy and update their systems to handle it, and this kind of negligence can lead to data breaches or leaks.

The new regulation sets out to give people in the EU greater control over their personal data and establishes a single, consistent standard for how organisations and businesses protect that data across the EU. In turn, this simplifies the regulatory environment for international business, since one set of rules replaces the differing national implementations of the old directive.

Further information can be found at the Information Commissioner's Office:
