We have all been inundated with e-mails asking us to “opt-in” or “stay in touch”, so there is no doubt that you will be aware of the General Data Protection Regulation (GDPR), which came into force on 25th May 2018.
The GDPR applies to all European Union (EU) citizens and replaces the Data Protection Act 1998. The GDPR seeks to protect the privacy of individuals and give them more control over how their personal data is used. Whether you are a “data controller” or “data processor” you will be affected by the GDPR. Businesses based outside of the EEA but providing goods/services to EU citizens will also be subject to the GDPR.
The GDPR imposes greater transparency and accountability obligations on businesses in relation to the personal data they process. It is important that decisions made in relation to the processing of personal data are documented to show compliance with the GDPR. Greater transparency means informing individuals of the personal data you collect and your lawful basis for doing so.
Individuals have a number of additional rights available to them under the GDPR, such as the right to erasure (the right to be forgotten), the right to data portability and rights in relation to automated decision making and profiling. An individual also has the right to complain to a supervisory authority; in the UK this is the Information Commissioner's Office (ICO).
The change which has captured the attention of all businesses is the level of fine which may be imposed. A company can incur a fine of up to EUR 20 million or 4% of the global annual turnover (whichever is higher) if it is found to be in breach of the GDPR.
Although the deadline has passed, the requirement to comply with the GDPR is ongoing and businesses are continuing to implement measures to ensure that they are compliant. If you have not yet implemented the GDPR requirements, do not panic. It is important to begin the process of becoming compliant, and our team is here to help!