Keeping up to date with technological and legislative requirements can often seem like swimming against the tide. But there are few that will have such wide ramifications for businesses as GDPR, which is due to come into force in May 2018.
What Is GDPR?
The acronym stands for General Data Protection Regulation and it applies to personal information pertaining to any individual within the European Union. With or without Brexit, this law will apply in the UK from next spring, so it needs to be addressed by British businesses. It will also apply to non-EU organisations that use the personal data of EU nationals.
Essentially it’s about harmonising data protection regulations across the union, in order to make it easier to do business in the EU without getting caught out. It will also bring a new raft of digital rights for EU citizens enforced by strict regulation, violation of which can bring a fine of up to 4% of global turnover.
How Does It Define Personal Data?
Personal data is any piece of information that can be used to identify a person. Typically it includes obvious things such as their name and address. Also covered by GDPR is ‘sensitive personal data’ which includes such things as religious and political views, sexual orientation, and genetic information.
Under UK law such data is already protected, but GDPR also covers data that can be used less directly to identify somebody: for example, several characteristics that are harmless on their own but that, in combination, reveal an individual’s identity.
How Does It Affect My IT Systems?
Since data protection legislation was last changed in the late nineties, the scale of personal data usage has mushroomed. We create, capture, and hold more personal data than ever before, and it has to be stored and transmitted securely. Under GDPR, the cost of failing to do so can be enormous.
If you are a ‘controller’ or ‘processor’ of personal data, you’ll be bound by the new rules. This means that most companies and organisations will need to take some action. Staff who handle affected data will need to be aware of the rules, files need to be encrypted, and data that’s no longer required should be permanently deleted from systems.
Sounds Scary
The good news is that if you’re already complying with the existing UK data protection laws, adapting to the new regime shouldn’t be that onerous. Companies using a large amount of personal data may need to appoint a data protection officer to help them to comply with their legal obligations, as will all public bodies and other organisations processing particularly sensitive data.
Mostly, though, companies can best prepare for GDPR by making senior managers aware of the new regulations and of how they should deal with a suspected breach.
Can I Get Help?
Naturally, many companies will need to get help in order to better understand their obligations under GDPR, and what they can do to ensure that their staff and systems meet the new requirements. If you want to know more, contact Everything Tech and we’ll help you on your way.