Firstly, what is GDPR?
GDPR is coming into force on 28th May 2018. But do you know how it will impact you and your business, and what you need to do in order to prepare?
GDPR stands for General Data Protection Regulation. It is a newly passed law that changes the way businesses store and handle personal data.
It gives every individual the right to control their personal data and simplifies the regulations for international businesses by unifying regulations within the EU.
What does GDPR mean for individuals?
Under GDPR, individuals have the right to:
- Access their data whenever they want to
- Be informed of any breaches
- Be forgotten (the ‘right to be forgotten’)
- Change any of their information
- Reject having their data processed
- Transfer their information from one place to another
Which businesses would GDPR apply to?
- GDPR will apply to any company which processes the personal information of EU citizens
- Even businesses with fewer than 250 employees will be affected
What do businesses have to do as a result?
The Information Commissioner’s Office has created a checklist guide to help businesses make sure they know what to do for GDPR.
This would mean that businesses have to comply with the following:
- Businesses which process and deal with personal information on a large scale will need to employ a DPO (Data Protection Officer) who will ensure the business is complying with GDPR correctly.
- Personal data cannot be kept longer than necessary.
- It can only be used for a limited time for a specific purpose.
- It has to be kept extremely secure.
- It cannot be shared with others.
- It has to be used lawfully.
- If an individual no longer wants a contract with you, they have a ‘right to be forgotten’ – i.e. their personal information has to be erased.