A Guide To GDPR (General Data Protection Regulation)
From the end of next month, the new data protection regulations in the EU come into force. You may have heard about this already in the news recently and wondered what this means for you.
This guide aims to explain the basic principles behind the new legislation and clear up common misunderstandings. It is intended as a basic introduction; if you are looking for specifics catered to your business in particular, we would recommend visiting the official GDPR site (eugdpr.org).
What is GDPR?
The General Data Protection Regulation has been created to update data protection laws across the European Union, bringing them into the 21st century and ensuring they are appropriate for the modern age.
Why is this happening now?
There is a feeling that the current legislation, which each member state implemented separately in its own national law, is no longer appropriate. In the UK, the current legislation was drafted 20 years ago, in the infancy of the Internet. With new advancements in technology and the way business is conducted these days, it is believed that new legislation should be drafted to reflect this. Because GDPR is a regulation rather than a directive, the same text will apply directly in all EU countries.
When does it become active?
GDPR will become active from 25 May 2018, for all current EU member states, including the UK. While it came into force back in May 2016, businesses have been given until the 25 May 2018 to ensure they comply with the new regulations.
Wait, what about Brexit?
Brexit will not have an effect on GDPR. The UK will remain part of the EU until next year at the bare minimum, and until then the UK will operate under EU law. Moreover, the UK government has indicated its support for the new regulation and intends to continue applying it once the UK has left the EU.
Who does it apply to?
GDPR will apply to any person, organisation or company that processes the personal data of individuals in the EU, whether those individuals are customers, staff, suppliers or anyone else. It also reaches organisations based outside the EU that offer goods or services to people in the EU or monitor their behaviour. Should you or your company currently be subject to the Data Protection Act, it will almost certainly be subject to the GDPR. Due to the nature of how business is conducted these days, GDPR will apply to almost all businesses that have an online presence, but it can also apply to offline businesses too.
Personal data consists of any information that can be used to identify a person, directly or in combination with other information, so this would include first and last names, telephone numbers, email addresses, IP addresses, postal addresses, online identifiers such as cookie IDs, etc. A separate, more tightly protected category of "special category" data covers racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic and biometric data, health data, and sex life or sexual orientation.
Can you access your own data?
Yes, the regulations are designed to give people more control over their own personal data. Upon request (a "subject access request"), companies must provide a copy of any personal data they hold within one month, extendable by a further two months for complex or numerous requests, and they must provide it in a concise, intelligible and easily accessible form; where the data was supplied by the person and is processed automatically, they can also ask for it in a commonly used, machine-readable format so it can be moved to another provider. People have the right to know exactly how their data is being used, why it is necessary and who has access to it. They have the right to have the data corrected should it prove to be incorrect or outdated. They can also request that the data be erased, which companies must comply with unless there is a legitimate reason not to, such as a legal obligation to retain it or the need to defend a legal claim.
What if you suffer a data breach?
Should you suffer a data breach whereby personal data is compromised, it will be your responsibility to inform your data protection authority, unless the breach is unlikely to result in a risk to the rights and freedoms of the people affected. For the UK, you would need to contact the Information Commissioner's Office (ICO). This must be done without undue delay and no later than 72 hours after first becoming aware of the breach, and you would need to outline what data is affected, how many people are affected, what the consequences could be, and the action taken upon discovering the breach. Where the breach is likely to result in a high risk to the people affected, you must also inform those individuals directly. If you are processing data on behalf of another company, you must notify that company without undue delay so that it can meet its own deadline. Failing to notify can attract fines of up to €10 million or 2% of worldwide annual turnover, whichever is higher; the upper tier of €20 million or 4% applies to more serious infringements such as breaching the core data protection principles or individuals' rights.
The takeaway here is that GDPR will affect most companies in the UK, especially those operating online, but it will affect each company in a slightly different way. Here at Soho66, we have been improving our infrastructure behind the scenes to ensure we comply with all GDPR regulations by the 25th May deadline. If you have any further questions or queries regarding the new GDPR rules, feel free to email us at support@soho66.co.uk.
Want more information?
Contact Support for more information on any of the features highlighted in this article.
- Tel: 03333 443 443
- Email: support@soho66.co.uk