Everything You Need to Know About GDPR
The General Data Protection Regulation (GDPR) came into force on 25 May 2018. It establishes a baseline set of standards that organizations must meet to safeguard the processing and movement of EU citizens' personal data.
GDPR affects not only businesses but also the individuals whose data they hold. It changes how public-sector bodies and businesses handle their customers' information, and from the individual's point of view it strengthens their rights and gives them more control over their data.
That being said, there has been plenty of confusion surrounding GDPR. To help clear things up, WIRED has released a comprehensive guide to GDPR below.
What is GDPR, exactly?
GDPR is Europe's framework for data protection law. It replaces the 1995 Data Protection Directive and introduces major changes both for the public and for the businesses and bodies that handle personal information.
What did GDPR replace?
While each individual European country can make its own limited adjustments, GDPR applies across the EU as a single regulation. In the UK, the 1998 Data Protection Act has been replaced by the Data Protection Act 2018.
Is my organization going to be impacted?
Organizations and individuals that are either ‘controllers’ or ‘processors’ of personal data will be covered by the GDPR. “If you are currently subject to the DPA, it is likely that you will also be subject to the GDPR,” the ICO says on its website.
Accountability and compliance
Under GDPR, organizations are accountable for how they handle people's personal information. This includes carrying out data protection impact assessments where required, maintaining data protection policies, and documenting how personal data is processed.
So, what’s different?
The full text of GDPR runs to 99 articles, setting out the eight rights of individuals and the numerous obligations placed on the organizations it covers. Those obligations now fall on both controllers and processors.
Access to your data
GDPR gives individuals considerably more power to access the information organizations hold about them. An individual can ask an organization to provide the personal data it has stored about them, and the organization must respond.
GDPR fines
One of the most significant elements of GDPR is the power it gives regulators to fine organizations that fail to comply. For less serious infringements, GDPR provides for fines of up to €10 million or two per cent of a firm's global annual turnover, whichever is greater; for the most serious infringements, the ceiling rises to €20 million or four per cent of global annual turnover, again whichever is greater.
Brexit and GDPR
The UK's Data Protection Act 2018 is an almost identical copy of GDPR, so when the UK leaves the EU there will not be a major shift in the law. There could, however, be changes depending on the terms on which the UK leaves.
What should we do to comply?
Data protection law changes constantly, so keeping on top of it can be difficult. To help organizations, the ICO has published a GDPR guide that sets out all of the rights and principles of the regulation.
What if we don’t comply from day one?
Organizations covered by GDPR had two years to get their systems ready to comply. At a minimum, they are expected to show awareness of the regulation and to be taking concrete steps toward compliance; regulators are likely to take that into account when deciding on enforcement action.
For more information and in-depth reading about GDPR, read the full article by WIRED in the link below.