Q. What are the General Data Privacy Regulations (GDPR)?
The new data privacy regulations for EU subjects become law on May 25th 2018 and are a new set of legal requirements that ALL companies who handle Personal Data must comply with or face heavy fines. This new law will replace the 1998 DPA in the UK and the previous EEU Directives across the EEU. The new UK Data Protection. If you collect or use personal data about an EU subject, it affects you.
Q. What is classified as Personal Data under these new regulations?
Apart from a few exceptions, all data you hold on an EEU “living individual” is classified as Personal Data; some is even deemed “Sensitive” and has special restrictions or usage mandates.
Q. What is the difference between the current DPA and these new laws?
There are many differences between the 2 regimes, mostly around the Data Subject’s Rights and the huge fines that can now be levied by the Member State’s Supervisory Authority for mishandling or breaches in data security.
If you collect, store, process or keep Personal Data for any reason you are either a Data Controller or a Data Processor. Do you know which you are and what your obligations are?
Click here to see the 6 screening questions to assess whether you are a data processor or a data controller; both have different obligations under the new laws.
It’s not all doom and gloom though. Many of the regulations may not be applicable to your business directly, and others may only be applicable to your suppliers and partners.
Certain aspects of working across the EEU will actually improve: easier database integrations, easier transfer of your data when opening new bank accounts or swapping utilities, as well as the ability to have all your data removed, etc.
However, the fines for businesses that don’t comply can be punitive, as can the level of compliance you need to apply, depending on what your business does with Personal Data.
You may be able to outsource much of the security and protection you need, but you will still need internal processes and procedures to protect this data and reduce your cyber security insurance premiums.
Mitigate GDPR is a fully insured, trusted, vendor-agnostic consulting service, so we can work with existing providers or any of your internal teams without a conflict of interest or preferred technology. We can make recommendations on how to best secure your systems, but we are not tied to, and do not benefit from, any vendor you deploy.
Need to mitigate the impact of the GDPR on your business? Get in touch.
Need to understand what you need to do to retain business continuity and what you do not need to worry about in application of the GDPR in your business? Want to mitigate the costs and demands on your business? Learn More
These regulations become LAW across Europe in May 2018 with fines of up to 4% of annual global turnover or 20 million euros per incident. Are you ready?
Get in Touch: firstname.lastname@example.org