GDPR – What is it and what do you need to know?
As you may already be aware, strict new regulations will come into force on 25 May 2018, and thousands of businesses are facing a massive upheaval in the way they handle personal data. With this in mind, Advance Computers have put together some facts you'll need to know in order to stay compliant, along with how you can prepare for the GDPR (General Data Protection Regulation) in time for the deadline next year.
What is GDPR?
As stated, the GDPR will be introduced on 25th May 2018. It has been developed by the EU in order to update data protection policies and change how data is stored, secured and managed. The current legislation was put in place before unforeseen advancements in technology offered companies newer ways in which they could exploit data, a matter the GDPR hopes to address.
It will replace the Data Protection Directive 1995 and means greater fines for breaches and non-compliance, all the while giving people more say over what businesses are able to do with their data. This includes sensitive data such as usernames, bank details, location data, medical records, IP addresses or passwords. In addition, it means that data protection rules will be more or less the same throughout the EU.
Who does the GDPR affect?
This new regulation will affect the whole EU Zone, which currently makes up 28 countries and half a billion citizens. That being said, companies outside of the EU still need to make sure they meet the necessary standards if they trade with the EU and want to continue using the data from customers.
But what about Brexit? Although the UK will be leaving the EU, the GDPR will come into effect before the legal consequences of the vote, which means that the UK must, for the time being, still comply.
How will it affect my business?
One of the largest changes that all UK businesses must be aware of is the hefty fines charged for non-compliance. Also, if a customer makes a request for access to their data, you'll no longer be able to charge them a fee and will have 40 days to release their information. If there's a serious data breach, organisations will have only 72 hours after it's discovered to make it known to the relevant authority (for those in the UK, that's the Information Commissioner's Office, or ICO), as well as making it known to the victim of the breach.
Preparing for the GDPR deadline
Remember, your business has until 25th May 2018 to be compliant, and unfortunately it's estimated that more than half of companies won't be ready in time, despite large non-compliance fines. We would certainly suggest you start preparing to comply with the GDPR sooner rather than later. The length of time it could take to recreate, amend and adjust your current data protection shouldn't be underestimated, and starting to think ahead now will save a lot of stress and hassle. A good place to start is by reading this GDPR Pocket guide, which helps you gain a better understanding of the requirements.