So what is the GDPR?
The General Data Protection Regulation (GDPR) is a new piece of legislation which comes into force on 25th May 2018.
This new piece of legislation will replace and expand on existing laws which provide rules and guidelines on how data relating to individuals can be obtained, held and used by organisations. This is an EU-wide enactment which will become mandatory for all businesses regardless of any Brexit negotiation. In short, any business that deals with, has access to or stores personal information in relation to individuals will need to ensure that it is able to uphold these increased data protection standards.
Do the new rules apply to me and my company?
If you are a controller or processor of the personal data of an individual within the EU, then yes, these rules are applicable to you.
The GDPR applies to entities considered to be ‘controllers’ and ‘processors’ of data. Broadly, ‘controllers’ are responsible for how and why personal data is processed and the ‘processor’ acts on the controller’s behalf.
Stricter rules apply to the gaining, use and storage of all personal data. This may include CVs from job applicants and email addresses; any other form of personal data will also fall under the legislation.
Given the recent spate of cyber security attacks on global organisations and the ensuing fallout from these, data security is something that will be high on the agenda for the Information Commissioner’s Office and therefore should be high on yours too!
The GDPR can be broken down into six principles which make it a little easier for business leaders to understand:
- Ensuring that data is processed lawfully, fairly and transparently
- It must be collected for explicit and legitimate purposes
- Its use is limited to what is strictly necessary
- The data must be accurate and where necessary, kept up to date
- Should not be kept for any longer than strictly required; and
- There should be adequate security measures in place to ensure protection
How can I ensure compliance?
Remember this is your gig so make sure you’re compliant before the rules are enacted into UK law! The below should serve as a useful guide – if you have any questions, give us a call to discuss and we’ll be happy to assist.