The GDPR will be introduced on 28th May 2018 to replace the current Data Protection Act. Any business or organisation that processes the personal data of EU residents has to make sure they are compliant.
So what do you need to know about these major changes? Here is a brief overview.
- Everyone will need to comply. Anyone who does business within the EU will need to comply with the new regulations.
- More data will be brought into the regulation criteria. This will broaden the definition of what personal data encompasses.
- The use of children’s data will be governed by much stricter rules. Parental consent will be needed for children under 16 years of age. This may vary across the EU, as member states may seek to lower this age.
- Valid consent rules are changing. Silence or general inactivity will not constitute consent.
- Appointment of a Data Protection Officer. Public organisations and businesses whose core activities are data processing will need to appoint a Data Protection Officer.
- Privacy Impact Assessments must be undertaken. This is before any higher risk data activities start.
- Notifications of data breaches must be made. Data controllers must be made aware of such occurrences within 72 hours.
- Right to be forgotten. The new regulations clearly state that under specific circumstances, the right to be forgotten can be exercised.
- Data transfer between countries. Data transfer between countries outside the EU will face new regulations.
- A change in the regulations for data processors. This means they can be held liable for data breaches.
- Data protection principles still stand. All systems and other processes need to take into account all the data protection principles.
- The GDPR makes it simpler. This is due to the fact that businesses and organisations will only have to deal with one single supervisory authority. It will be easier and more cost effective for companies to do business in the EU.
- Penalties will be greater under the GDPR. Organisations in breach of the new rules can expect administrative fines of up to 4% of annual global turnover or 20 million euros, whichever is greater. Fines of this nature will inevitably lead to business insolvency.
- Brexit doesn’t affect GDPR compliance. The UK government has already stated that the GDPR will come into force before the UK leaves the EU and will apply thereafter.
Fifteen Group are here to help and advise, and there are many ways in which you can make sure your business is prepared.
Get in touch today.