GDPR Summary

An overview of the General Data Protection Regulation (GDPR) which comes into force in May 2018.

General Data Protection Regulation - Overview

WHAT IS GDPR?

The 1995 Data Protection Regulation had become badly outdated in the light of today's technology and internet, so in April 2016 the European Parliament refreshed data protection with the GDPR (General Data Protection Regulation).


The regulation requires businesses to ensure the protection of the personal data and privacy of EU citizens for transactions that occur within European Union member states.


The regulation also covers the exportation of data outside of the EU.

WHO DOES IT APPLY TO?

Businesses that store or process any personal information about European Union citizens within the EU member states have to comply with the GDPR. This covers a business that has:

  • A presence in an EU country.
  • No presence in the EU, but processes personal data of European residents.
  • More than 250 employees.
  • Fewer than 250 employees, but whose data processing impacts the rights and freedoms of data subjects, is not occasional, or includes certain types of sensitive personal data.

WHICH DATA IS INCLUDED?

Below is a list of the personal data which is protected under the GDPR:


  • Basic identity information such as name, address and ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation

YOUR GDPR PLAN

Your 12 Step Plan:

  • Awareness
  • Information You Hold
  • Communicating Privacy Information
  • Individuals' Rights
  • Subject Access Requests
  • Lawful Basis for Processing Personal Data
  • Consent
  • Children
  • Data Breaches
  • Data Protection by Design and Data Protection Impact Assessments
  • Data Protection Officers
  • International

DATA PROTECTION OFFICER

The GDPR calls for the mandatory appointment of a DPO for businesses that process or store large amounts of personal data; this includes data about both employees and individuals outside the organisation.


DPOs must be “appointed for all public authorities, and where the core activities of the controller or the processor involve ‘regular and systematic monitoring of data subjects on a large scale’ or where the entity conducts large-scale processing of ‘special categories of personal data,’ like that which details race or ethnicity or religious beliefs.”

WHAT IS THE FINE?

The GDPR allows for hefty penalties of up to €20 million or 4% of global annual turnover, whichever is higher, for non-compliance.


Deadline:

May 25th, 2018


GDPR Resources

Handy, useful and actionable resources to help ensure your business is GDPR compliant in time.

12 Step Checklist

The ICO 12 Step guide puts you on the right track.

Readiness Assessment

A readiness test to determine if you and your business are ready and compliant.

GDPR Courses

We offer a selection of GDPR related courses that can ensure you and your team get the best training to prepare for May 2018.
