
What is GDPR and do you have to do anything?

April 26, 2017 in Blog by Liz Turner

You’ve probably heard of GDPR, but what does it mean?  Firstly, it stands for General Data Protection Regulation.  The main objectives are:

  • To give everyone in the EU back control of their personal data
  • To simplify the regulatory environment for international businesses by replacing the patchwork of national laws made under the 1995 Data Protection Directive with a single regulation that applies directly across the EU

It applies from 25th May 2018, so there’s just over a year to prepare.  In the UK it will replace the Data Protection Act 1998 (the one we all know and love).

But we’re leaving the EU, so can’t I ignore it?  Even though Article 50 has been triggered, the UK won’t be out of the EU by May 2018, so this regulation is not something to be ignored!

Is it just for organisations in the EU?  No.  It applies to any organisation that offers goods or services to people in the EU, or monitors their behaviour (website tracking, for example), regardless of where that organisation is based.

So who does it apply to?  There are two groups that must abide by the GDPR:

  • Controllers.  A data controller decides how and why personal data is processed (this could be any organisation, whether a charity or a profit-making company)
  • Processors.  A data processor does the actual processing on the controller’s behalf (this could be an outsourced IT company, a payroll bureau or a cloud provider)

It’s the controller’s responsibility to use only processors that can guarantee they meet the new regulation, and to have a written contract with them that says so.  Unlike the current Act, GDPR also places obligations directly on processors, so an IT company handling client data can be held liable in its own right.

So what do we actually have to do?  Controllers must ensure personal data is processed lawfully, transparently and for a specific purpose.  Once that purpose has been fulfilled the data is no longer required, so it should be deleted.  Personal data can’t just be kept forever.

Consent is one of the lawful grounds for processing (others include performing a contract or meeting a legal obligation), but where you rely on it, it has to be freely given, specific and informed.  You’ll have to keep a record of how and when an individual gave permission – and make it as easy for that individual to withdraw their consent as it was to give it.

According to the European Commission, personal data is “any information relating to an individual, whether it relates to his or her private, professional or public life.  It can be anything from a name, a home address, a photo, an email address, bank details, posts on social networking sites, medical information, or a computer’s IP address”.

Controllers also have to make it easy for people to access their data.  An individual asks the company for a copy, and the company must respond within a month (extendable by a further two months for complex requests) and, in most cases, free of charge.

There’s also the “right to be forgotten” (the regulation calls it the right to erasure).  Individuals can ask for their data to be deleted if it’s no longer necessary for the purpose for which it was collected, or if they withdraw the consent the processing relied on.

What happens if there’s a data breach?  If a company suffers a personal data breach it must notify the data protection authority (the ICO in the UK) within 72 hours of becoming aware of it, unless the breach is unlikely to put individuals at risk.  If the breach is likely to result in a high risk to the people affected, they must be told too, without undue delay.  A processor that discovers a breach must tell its controller without undue delay.  If this doesn’t happen then there’s a big fine…up to 10m Euros or 2% of your global annual turnover, whichever is greater.

What happens if you don’t comply with the rest of the regulation, for example by processing data without a lawful basis or ignoring people’s rights?  The fines get worse.  Up to 20m Euros or 4% of your global annual turnover, whichever is greater.

So what’s next?  Start preparing now.

  • Determine if your company needs a data protection officer to oversee the process.  One is mandatory for public authorities and for organisations whose core activities involve large-scale monitoring of individuals or large-scale processing of sensitive data (health records, for example); other organisations can appoint one voluntarily.
  • Take a look at your current processes and procedures for data security; you may already be covered.
  • Find out what personal data you actually hold, where it lives and why you have it.  You can’t delete what you no longer need, or answer an access request within a month, if you don’t know where it is.
  • Ensure any personal data you currently store is secure – this should already be the case though.
  • Check the data protection policies of your 3rd party suppliers, as they may be your processors – you don’t want them to let you down.  You may have to amend the contracts with your suppliers, because the regulation sets out specific terms a controller–processor contract must contain.

This is one of the toughest privacy regulations in the world, so don’t leave it to the last minute.  As you can imagine, the internet is full of useful advice.  I recommend that your next port of call is the official GDPR website.
