You've probably already heard of the new European Data Protection Act, GDPR, which has a deadline for compliance no later than May 25, 2018.
Experts recommend that all organisations that collect and store data review their operations and routines, because no matter which industry you work in, GDPR will probably affect how your company works with data. Employees in everything from HR, Marketing, Legal and IT will need to review their systems and routines and apply the coming regulations on how personal information is collected and stored.
GDPR stands for General Data Protection Regulation, and it is more stringent than the UK's Data Protection Act 1998. The purpose of the new regulation is to strengthen the protection of personal data. For most organisations, personal data consists of information about employees as well as customers or potential customers, but the regulation applies to any data that could be tied to an individual, including IP addresses.
Will the GDPR be adopted in the UK?
Yes. The UK plans to comply with GDPR despite withdrawing from the EU. On 21 June 2017, the Queen's Speech confirmed that the EU General Data Protection Regulation would apply to the UK even as Brexit negotiations unfold.
How will the rules of collecting and storing data change?
It has been nearly 20 years since the UK's data protection laws were last updated. A lot has changed since the Data Protection Act 1998, and the new EU regulation is intended to protect individuals' data in the modern world. There are many important changes, but these are the most significant:
- The GDPR applies to all organisations processing or controlling personal data in the EU, and also to organisations elsewhere that process or control the personal data of individuals in the EU.
- Organisations in breach of the GDPR can be fined up to 4% of annual global turnover or €20 million (whichever is greater). Cloud services will not be exempt from GDPR enforcement.
- The request for consent must be given in an intelligible and easily accessible form, with the purpose for data processing attached to that consent. It must be as easy to withdraw consent as it is to give it.
Is your organisation ready?
Producing the GDPR has been a long and complicated process: it was first drafted in 2012, and its 261 pages can be difficult to interpret. It is important to follow developments and to be certain of how your organisation will respond.
If your organisation is managing personal data, you should already be able to answer these questions:
- Why do we collect information about individuals?
- Do we need that information?
- How is that data collected?
- Who has access to the data?
- What plan do we have in place in the event of a data breach?
- Who at the organisation is responsible for how we collect and manage our data?
- General Data Protection Regulation: The Basics, The Institute of Direct & Digital Marketing
A two-hour introductory course in London ideal for marketing companies or departments.
- General Data Protection Regulations (2017) - A General Introduction, Cosensa Learning and Development
A company-specific course ideal for senior leadership or committees tasked with investigating GDPR.
- GDPR Transition Programme, Henley Business School
Two workshops and six e-learning modules for data protection officers, leaders and senior managers.
A 1-day course and exam to achieve a Certified EU General Data Protection Regulation (EU GDPR) Foundation Certificate.