GDPR Basics for Businesses: Understanding the new regulations
As the date on which the European General Data Protection Regulation (GDPR) becomes law gets closer (25 May 2018), many business owners are still asking "what does GDPR mean?". Here we outline the GDPR basics that must be considered.
GDPR will apply to any business or organisation that processes the personal data of EU citizens. The main objectives of the new laws are to:
– give citizens and residents back control of their personal data;
– simplify the regulatory environment for international business by unifying the regulation within the EU.
Data protection is now impossible to ignore, and businesses and organisations that fail to comply will face fines.
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC. Any company, large or small, will have to comply with the new regulations regarding the secure collection, storage and usage of personal information.
Even though the UK has voted to leave the EU, UK businesses will still have to comply with the new regulations if they hold and process EU citizens' data. Digital minister Matt Hancock confirmed that the UK will replace the 1988 Data Protection Act (DPA) with legislation that mirrors the GDPR post-Brexit.
GDPR Basics – the key points are:
1. Large Businesses
Businesses and organisations with over 250 employees must hire a Data Protection Officer (DPO), who is responsible for ensuring that the business collects and secures personal data responsibly and within the guidelines. Article 30 of the GDPR states that organisations with fewer than 250 employees will not be bound by GDPR.
2. Small Businesses
The new GDPR laws will also apply to small businesses with under 250 employees if the data collected and processed is likely to result in a risk to the rights and freedoms of data subjects, if the processing is not occasional, or if the processing includes special categories of data as defined in GDPR Article 9.
3. Data Breaches
Breaches in data security must be reported immediately to data protection authorities such as the Information Commissioner's Office (ICO) in the UK. Ideally, breaches should be reported within 24 hours, but at the latest within 72 hours.
4. Personal Data
Under the new laws, individuals have more rights dictating how businesses use their personal data, including the 'right to be forgotten' if they withdraw their consent to the use of their personal data or if keeping that data is no longer required.
5. Fines and Penalties
GDPR laws will lead to heavier penalties for non-compliance by data controllers and processors in businesses and organisations. Currently the ICO can impose fines of up to £500,000 for malpractice, but under GDPR it will be able to fine up to €20 million or 4 per cent of annual turnover (whichever is higher).
Using UNIQUEDOC, your business data is kept safe and secure, making you compliant when storing sensitive information and client data. Contact us today for more information on how UNIQUEDOC can be included in your GDPR Toolkit.