This new piece of EU data protection law – the General Data Protection Regulation – represents a huge shake-up of the way businesses of all sizes are required to locate, manage, record and protect the personal data of the individuals they do business with. It's all change on 25 May 2018, with no transition period – and with the potential for business-crippling fines if your organisation is found to be non-compliant.
Key changes introduced by the GDPR
The GDPR will supersede the current Data Protection Act (DPA) and will extend individuals’ data rights.
It introduces a number of key changes to data protection law:
It broadens the definition of ‘personal data’ to encompass an individual’s mental, economic, cultural and social identity.
It changes the rules for obtaining valid consent when collecting data. Consent must be given by a clear and affirmative action.
It mandates the appointment of a data protection officer (DPO) for certain companies.
It requires data protection impact assessments (DPIAs) for organisations that undertake high-risk data processing activities.
Data controllers will have to report a data breach within 72 hours of discovery.
It gives data subjects the right to be forgotten.
It requires parental (or equivalent) consent to process children's data.
With organisations facing significant fines for non-compliance (up to 4% of annual global turnover or €20 million – whichever is greater), it is imperative that all employees, including senior executives / decision-makers, understand the basic requirements of the new Regulation and how it will affect them.
What is your current position with GDPR compliance?
A critical factor in starting a GDPR project is understanding your current GDPR compliance position. We work through a GDPR Gap Analysis of your organisation's current level of compliance with the Regulation, which helps identify the key areas that your organisation must address, such as DPO requirements, data protection impact assessments (DPIAs), incident response and data breach notification, and subject access requests.
Concerned that your business or organisation is not compliant with the GDPR (General Data Protection Regulation)? So, what are your options?
Members PC Help Centre Limited have structured a GDPR Training Course in which they guide businesses through a step-by-step questionnaire and gap analysis process.