By now we are pretty sure you have heard of GDPR, but do you know exactly what it is and what it means for your business?
The General Data Protection Regulation (GDPR) replaces the Data Protection Directive and is designed to standardise data privacy laws across Europe.
With the internet, social media and our personal information being shared all over the place, it isn't surprising that a new regulation has been introduced to make businesses think harder about the data they hold and how they keep it secure. The idea behind the regulation is ultimately to give control back to the public: individuals have the right to know what data a business holds on them, why it is being processed and who it is shared with.
The internet is awash with guides and resources regarding GDPR, so we wanted to help you unravel the jargon and understand some terms used in these regulations.
Who does GDPR affect?
The simple answer is everyone. If you are a business, regardless of size, it affects you. GDPR applies to any organisation, inside or outside the EU, that processes or holds the personal data of data subjects residing in the EU.
Here are 3 key requirements to be aware of:
You must appoint a designated Data Protection Officer if you are a public authority, or if your core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of special categories of data (such as health data). This is driven by what you do with the data, not by how many staff you have.
If there is a breach of personal data, regardless of whether the data is lost or stolen, you must report it to the supervisory authority (in the UK, the ICO) within 72 hours of becoming aware of it, unless the breach is unlikely to put individuals' rights and freedoms at risk. Where the risk to individuals is high, you must also tell the individuals affected.
You must have a lawful basis for every use of personal data. Consent is one such basis, but so are performance of a contract, a legal obligation and legitimate interests. Where you do rely on consent, it must be freely given, specific, informed and unambiguous, and as easy to withdraw as it was to give.
It is important to note that if you are a business with fewer than 250 employees, GDPR only relaxes the record-keeping obligation, and even that relief does not apply if your processing is likely to pose a risk to individuals, is more than occasional, or involves special categories of data. You must comply with all other requirements.
What is personal data?
Personal data is any information relating to a living person who can be identified from it, either directly or in combination with other data. It can be as simple as a name, National Insurance number, photo, email address, bank account details, doctor's records, an online identifier such as an IP address, or social media posts.
What is a data processor and what is a data controller?
The clue is in the name. A controller controls the data: they determine why it is collected, what it is used for and how it is processed. A processor, on the other hand, simply processes the data on behalf of the controller and on its documented instructions. A processor has no say over the purpose of the processing and no ownership of the data, but it still has its own obligations under GDPR, such as keeping the data secure and reporting breaches to the controller.
What will happen if I don't comply?
If a business is found to have breached GDPR then, in the most serious cases, it can be fined up to €20 million or 4% of its annual worldwide turnover, whichever is higher. There is also a lower tier of fine, up to €10 million or 2% of annual worldwide turnover, whichever is higher. Which tier applies depends on the nature of the infringement, not on the size of the business.
Some may say that these penalties are a little harsh. Maybe they are, but the reason for such hefty fines is to make sure businesses take GDPR seriously.
When does GDPR kick in?
GDPR applies from 25 May 2018. So pop this date in your diary and make sure you are prepared.
Want more advice on how to prepare your business for GDPR? Get in touch with our team today.