What is GDPR?
GDPR is the EU’s General Data Protection Regulation, a new regulation that will require businesses to adopt stronger data security and privacy rules for protecting personal data. These rules supersede any previous legislation and will come into force in May next year. Failure to comply can result in fines of up to 4% of global annual turnover!
As 2017 has already become a frantic scramble to prepare for next year’s GDPR, we provide a rundown of who the regulations affect and how you can prepare for the milestone.
Who must comply with the GDPR?
The GDPR applies to anyone who ‘controls or processes’ personal data, both inside and outside the EU. That covers everyone from profit-seeking companies and IT firms to charities and agencies. The responsibility for handling data falls on both sides: those that collect and manage data, and those that process and maintain data records.
How does it affect you?
The new regulations will force all companies to control and manage how and why personal data is processed. Data can only be used for a specific purpose. Once that purpose is achieved, the data must then be deleted.
What is personal data?
Personal data includes any information which can identify a specific person. This includes economic, cultural or mental health information, IP addresses and the existing definitions covered under the Data Protection Act as it currently stands.
How do I get consent once the GDPR is in place?
This is when good record keeping comes into play! All companies that ‘control’ personal data must keep a record of how and why that information was obtained, and must record how it will be processed. They must also give individuals the opportunity to check or amend the data held on file, or to withdraw consent at any time.
The GDPR mandates that consent must be ‘freely given, specific, informed, and unambiguous’. Pre-ticked boxes and opt-ins based on inactivity will no longer count as consent.
Data breaches & penalties
If there has been a breach of the data you hold on file, you must contact your data protection authority, the Information Commissioner’s Office, within 72 hours of discovering the leak. Companies that do not meet this time frame can face penalties of up to £10 million or 2% of their global annual revenue, whichever is greater.
Failure to comply with the new regulations can also incur penalties of up to £20 million or 4% of your global annual turnover, whichever is greater.
Don’t be caught out: prepare now for next year’s stringent regulations, giving yourself peace of mind and a reduced risk of astronomical fines. To guide you through the process, read the full article here.
Have your say and tweet us @ClearVoiceComms
At ClearVoice™, we are experts in delivering employee communications and engagement solutions. We inspire and motivate your workforce to increase your company’s productivity and profits. For more information on securing your data and how to manage the GDPR change, call or email us today and let us show you how engagement can boost your organisation.