The General Data Protection Regulation (GDPR) will come into effect on May 25th 2018, changing the way that businesses and public sector organisations are able to handle the data of individuals.
It is your responsibility to ensure that your business is compliant before GDPR comes into effect.
What is GDPR?
The European General Data Protection Regulation (Regulation (EU) 2016/679) is Europe’s new framework for data protection laws and will replace the previous 1995 Data Protection Directive.
The new regulation has been introduced by the European Parliament, the Council of the European Union and the European Commission to update and strengthen data protection for all individuals within the European Union (EU).
Its provisions in the UK will be covered by a new Data Protection Bill which replaces the current UK legislation (Data Protection Act 1998) and defines how personal data can be used by companies, the government and other organisations.
Speaking on GDPR and the UK’s new Data Protection Bill, Matt Hancock, Minister of State for Digital, said:
“Our measures are designed to support businesses in their use of data, and give consumers the confidence that their data is protected and those who misuse it will be held to account.”
“The new Data Protection Bill will give us one of the most robust, yet dynamic, set of data laws in the world. The Bill will give people more control over their data, require more consent for its use, and prepare Britain for Brexit. We have some of the best data science in the world and this new law will help it to thrive.”
The EU’s GDPR website states that the new legislation is designed to “harmonise” data privacy laws across Europe and give greater protection and privacy rights to individuals.
The UK’s new Data Protection Bill will:
Make it easier to withdraw consent for the use of personal data.
Allow individuals to ask for their personal data to be deleted by companies that store it.
Allow parents and guardians to provide consent for use of their child’s data.
Require ‘explicit’ consent to be given for the processing of sensitive personal data.
Expand the definition of ‘personal data’ to include IP addresses, internet cookies and DNA.
Update and strengthen data protection law to reflect the changing nature and scope of the digital economy.
Make it easier, and free, for people to request that an organisation disclose any personal data it holds on them.
Make it easier for customers to move data between service providers.
Introduce new criminal offences to deter organisations from either intentionally or recklessly creating situations where someone could be identified from anonymised data.
How will GDPR affect businesses?
Businesses will be made more accountable for the data they process. The data protection regulator, the Information Commissioner’s Office (ICO), will have greater powers to defend consumer interests and will be able to issue fines of up to £17 million or 4 per cent of global turnover in cases of serious data breaches.
Data protection rules will be made clearer for those who handle data and businesses will be supported to ensure they are able to effectively manage and secure personal information. Organisations carrying out high-risk data processing will be obliged to conduct impact assessments to evaluate the risks involved.
The new legislation will give individuals more control over their data by providing the right to ask for their personal data to be erased. Default opt-out or pre-selected ‘tick boxes’ that give consent for organisations to collect and use personal data will also become a thing of the past.
How can I ensure my business is compliant?
The ICO have released a guide that advises on 12 steps that your business can take in preparation for the General Data Protection Regulation. This is a great place to start and will help you to gain understanding and awareness of measures you must take to ensure that your business is compliant before the 25th May 2018.
Document Network Services support the aims of the Data Protection Bill that implements GDPR in full. As such, we have arranged a series of GDPR Awareness Workshops to help local businesses learn about technology that could help to achieve compliance with the new legislation.