It is time to start thinking about your path to GDPR compliance. An individual or a team needs to take charge of GDPR and assess how the new Regulation will affect the processes and procedures in every department. There are three areas to review: Procedure, Technology and Governance.
- The EU’s General Data Protection Regulation (GDPR) will apply from 25 May 2018
- Organisations found in breach of the Regulation can expect administrative fines of up to 4% of annual global turnover or €20 million – whichever is greater.
- Under the GDPR, organisations must report a personal data breach to the supervisory authority (in the UK, the ICO) without undue delay and, where feasible, no later than 72 hours after having become aware of it, unless the breach is unlikely to result in a risk to individuals' rights and freedoms. Where the breach is likely to result in a high risk to individuals, they must also be informed without undue delay.
- UK organisations handling personal data will still need to comply with the General Data Protection Regulation (GDPR), regardless of Brexit. The GDPR will come into force before the UK leaves the EU, and the government has confirmed that the Regulation will apply
- An organisation will not be able to charge for a Subject Access Request (SAR) under the GDPR unless the request is ‘manifestly unfounded or excessive’, in which case it may charge a reasonable fee or refuse to act on the request. The standard response time is also reduced to one month.
- The GDPR treats as personal data any information relating to an identified or identifiable individual, whether identification is direct or indirect. It expressly lists factors specific to a person’s physical, physiological, genetic, mental, economic, cultural or social identity, and for the first time explicitly names genetic data, location data and online identifiers (such as IP addresses and cookie identifiers) as examples.