GDPR Compliance: In Plain English
The chances are you’ve heard the term GDPR bandied about ten million times, but what is it and how does it actually affect you?
The GDPR deadline is 25 May 2018 (put it in your diary).
GDPR stands for General Data Protection Regulation. It is built around two key principles.
- Giving citizens and residents more control of their personal data
- Simplifying regulations for international businesses with a unifying regulation that stands across the European Union
It will change the way businesses and public sector organisations handle customer information. I am really surprised at the amount of scaremongering around the GDPR regulation, which has led to so much confusion. Legislation is often arcane and convoluted, and I find it unnecessarily unclear, so I decided to re-draft my findings for concise, clear reading.
- GDPR comes into force 25 May, 2018.
- GDPR is Europe’s new framework for data protection laws and will replace the previous 1995 Data Protection Directive.
- You will be responsible for ensuring security measures and policies are in place to protect personal data.
- You are responsible for training your employees so that they understand what constitutes a personal data breach, and for building processes to pick up any red flags.
- You’re required to describe to individuals what you’re doing with their personal data.
- It gives individuals new rights to access the information companies keep about them.
- Sensitive data such as name, address, genetic data, information about political and religious views, sexual orientation, IP addresses and more will be covered by GDPR.
- Under GDPR, pseudonymised personal data will also be impacted. Pseudonymisation simply means data-masking.
- If an individual asks for the information the organisation holds on them, the organisation will have to produce that information within one month.
- Requests for consent can no longer be hidden in small print but must be presented clearly – so no more pre-ticked boxes.
- It is your responsibility to ensure that any third parties you work with to collect, store or move personal data are also compliant.
If you would like more information on GDPR and how it directly impacts you, feel free to get in touch and I will provide you with more information.
If you would like to learn more, feel free to read the full legislation yourself here.