The EU General Data Protection Regulation (GDPR) is the most significant change to data privacy regulation in 20 years. The GDPR was approved by the EU Parliament on 14 April 2016 and will be enforced from 25 May 2018.
This May deadline is approaching fast, so it’s crucial that you ensure you are prepared for the coming changes and know exactly how they will affect your business.
What is GDPR?
First of all, it’s important to know what GDPR really is. This new regulation will replace the Data Protection Directive 95/46/EC and was created to ‘harmonise data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organisations across the region approach data privacy.’
GDPR places greater obligations on data controllers (those who determine how personal data is processed) and subjects them to a number of new requirements.
This will mean more accountability. Companies that process EU personal data will have to create and maintain records that comply with the new regulations.
Will Your Business Be Affected?
You may believe that, because of Brexit, GDPR won’t affect you. However, this is not the case. Any business and public body that processes the personal data of EU residents will be affected.
In addition, if you offer goods or services to individuals in the European Union or monitor their behaviour (even if you don’t have a presence in the EU), your business will also be affected by GDPR. The same goes if you process personal data of EU citizens on behalf of other businesses.
If your business already operates under a best-practice model or holds certain certifications, such as ISO 27001, you won’t see much of a difference once 25 May arrives.
How will GDPR Affect Your Business?
You may find that GDPR requires significant changes to your processes and business model. After all, you will have to meet the new regulations as soon as 25 May rolls around – National Data Protection Authorities will be able to perform audits to ensure that these requirements are, indeed, being followed.
Some of the new requirements include:
- The ‘right to be forgotten’ – individuals will be able to have their data removed from an organisation, and will also have the right to object to the way their data is processed.
- Consent – the conditions for consent are strengthened under the GDPR: businesses will no longer be able to bury it in long, illegible terms and conditions, and individuals will have to give specific consent for their data to be processed. This consent needs to be requested in a simple manner and, if the individual wishes to withdraw it, you need to make it easy for them to do so.
- Privacy notices – the GDPR specifies certain information that must be included in privacy notices, and it must be presented in a clear manner. You will also have to tell individuals, in an easy-to-understand way, what will be done with their data.
Individuals will have their data privacy rights expanded, so they’ll have a right to compensation if affected by a breach of their personal data. So, if your business is not compliant with the new regulations, you may face heavy fines. The maximum penalties will either be 4% of your annual global turnover or €20 million, whichever is greater.
How to Prepare for GDPR?
There are several ways to ensure that you are ready for GDPR, such as:
- Ensuring you and your employees understand what GDPR involves and what new responsibilities come with it
- Reviewing your privacy policy and updating it where necessary
- Knowing what information you currently hold about EU residents
- Making sure that you have processes in place to deal with any data breach immediately, from protecting against breaches to reporting them
- Thinking about how you are going to obtain consent from your customers
- Planning how you will handle requests from individuals for access to their data, since they will have the right to make such requests
GDPR is coming and both you and your business need to be prepared for the changes the new regulations are going to bring. At ICS, we can help you navigate this process, so feel free to contact us at any time!