GDPR will have a big impact on business and organisations in the UK. But what does GDPR actually means to your business and what is it? Tech-Wales will give you a quick overview and guide to what the new regulation means and what it will mean for your business.
What is GDPR
GDPR stands for “General Data Protection Regulation” and is a new privacy law for the European Union which will come into force on in May 2018. The General Data Protection Regulation (GDPR) will replace the current Data Protection Act. GDPR will give individuals more control of their personal data, will provide more transparency regarding the use of personal data and demands security and checks to protect personal data.
GDPR will be enforced by authorities with checks and hefty fines will be handed out to organisations who breach GDPR. There are two tiers of administrative fines that can be levied.
- Up to €10 million, or 2% annual global turnover – whichever is higher.
- Up to €20 million, or 4% annual global turnover – whichever is higher.
GDPR will have a big impact on all organisations and their processes. From marketing and sales to customer support, finance and administration.
Is GDPR applicable to your business or organisation?
GDPR is more applicable than you might think at first. The law creates new rules for companies, government institutions, non-profit organisations and all other organisations that provide products and services for people in the European Union (EU) or that collects or analyses data that is connected to those European citizens. The law applies to all organisations located in the EU, offering services or goods in the EU or organisations observing or monitoring the behavior of EU residents.
Unlike privacy laws in other jurisdictions GDPR applies to organisations of all sizes and from all sectors. The EU is seen internationally as a role model for privacy legislation. We can therefor expect the concepts of GDPR to be adopted elsewhere in the world over time.
When will GDPR take effect?
GDPR will take effect from 25th May 2018. GDPR was adopted as a law in April 2016 but given the major changes that many organisations will have to make to be compliant a transitional period of two years has been agreed. From May 2018 all organizations to which European rules apply must comply with the law.
What are the basic principles of the GDPR?
The GDPR is built around six principles:
- Personal data shall be processed lawfully, fairly & in a transparent manner.
- Personal data can only be collected for specified, explicit & legitimate purposes and not further processed.
- Personal Data will be adequate, relevant and limited to what is necessary.
- Personal data shall be accurate, and kept up to date & every reasonable step must be taken to ensure inaccurate data is rectified without delay.
- Personal data needs to be kept in a form which permits identification of subjects for no longer than is necessary for the purposes for which it is processed.
- Personal Data shall be processed in a manner that ensures appropriate security including protection against unauthorised or unlawful processing and against accidental loss, destruction or damage using appropriate technical or organisational measures.
In the whitepaper “Beginning your GDPR journey”, Microsoft offers you more information and a basic manual. Download the whitepaper here.
At Tech-Wales we offer excellent IT consultancy services and cloud computing services ensuring all personal data is kept in a safe environment according to GDPR. We offer service at competitive rates with great customer care. Contact us now on 01639 326001.