The General Data Protection Regulation (GDPR) comes into effect across Europe in May 2018 and will apply to the UK despite Brexit. As this is a ‘regulation’ rather than a ‘directive’ it is binding and effectively forms part of UK law as soon as it comes into force.
GDPR will apply to every organisation in the EU and to any organisation holding data that belongs to an EU citizen. Such organisations will:
- Have an obligation to erase data when customers ask to exercise their ‘right to be forgotten’ and withdraw their consent to storing or using their personal data.
- Have to get explicit consent to collect any personal data.
- Have to allow customers to see their own data on request.
- Have to inform the Information Commissioner's Office within 72 hours of becoming aware of a serious data breach.
It won't be enough just to be compliant; you will also have to be able to demonstrate compliance!
What should you do now?
- Familiarise yourself with GDPR requirements
- Find out if you need to appoint a DPO
- Review data processing activities and identify gaps in compliance
- Understand the data you hold and where it resides
- Review contracts, privacy notices and consent forms
- Put in place an appropriate governance framework
The GDPR is the biggest change in data protection ever to occur in the UK and will require major changes in the way both large and small companies work.
We are running a series of events with expert speakers providing information, insight and advice to help organisations understand their obligations and the opportunities.
The first event has already sold out and there are limited places left at the next event.
Ignoring the regulation until it's too late could be a costly mistake: fines can reach 4% of turnover or 20 million euro.
Originally published on Defence.Digital.