Preparing for the General Data Protection Regulation

What is the General Data Protection Regulation (GDPR)?

Upload: russell-cook

Post on 13-Apr-2017



Page 1: Preparing for the General Data Protection Regulation

What is the General Data Protection Regulation (GDPR)?


THE EUROPEAN COMMISSION INTENDS TO STRENGTHEN EXISTING DATA PROTECTION LAWS FOR INDIVIDUALS WITHIN THE EU WITH A NEW POLICY KNOWN AS THE GENERAL DATA PROTECTION REGULATION (GDPR)


When does the new regulation come into force?


IT IS EXPECTED THAT THE GDPR WILL COME INTO FORCE ON 25 MAY 2018


What are the key features of the legislation?


The law is complex, but three key points are:

• Organisations will need to report any loss of data, be that the loss of a laptop or memory stick or a serious cyber crime.

• Directors will be liable for ignoring or being complacent about data protection, especially personal data, which includes unique IP addresses and email.

• Fines for non-compliance will increase significantly. There will be an upper limit of €20 million or 4% of annual global turnover, whichever is higher.


Who is affected by the new legislation?


Businesses

Businesses will need to show they are fully compliant with the new regulations. Failure to do so will result in hefty penalties.

Individuals

The new regulations will make it easier for individuals to make private claims regarding their data privacy and the way their information has been handled by organisations.


What do you need to do to comply with GDPR regulations?


MAKE SURE YOUR SYSTEMS ARE TRANSPARENT. BE SURE THAT YOU ARE ABLE TO ENFORCE THE POLICIES YOU ARE PUTTING IN PLACE.


What should businesses be doing to prepare for the new legislation?


1) Review your existing information

Set up an information audit. Identify what personal data you currently hold. Check that your data storage and data handling are fully compliant with the new legislation.


2) Invest in technology

Identify any gaps in your existing technology. Invest in the latest firewalls, intrusion prevention and detection, and antivirus software to avoid a potential data breach.


3) Educate your staff

Every member of staff needs to understand that data security is part of their job, not just the responsibility of the IT team or the DPO (Data Protection Officer).


4) Consent

Ensure your systems are transparent and that your current consent policies are compliant. Understand how you are currently obtaining and recording consent within your organisation.

Storing personal data on children? Make sure you have clearly identified how you store and process the consent of children, verify their age, and obtain parental consent if required.


5) Cyber insurance

Review your insurance policy. More and more insurance companies are able to protect against business impact in the event of a cyber attack. Make sure your business is covered against a potential threat.


6) Recruit a Data Protection Officer

If you are a public authority, carry out large-scale systematic monitoring of individuals, or process large volumes of data relating to criminal convictions and offences, then you must appoint a DPO under the GDPR legislation.

Whatever your business, it is essential to make sure you have the right skills and sufficient staff to ensure your organisation is fully compliant.


Where can I go to find out more?


Or find out more with the ICO’s (Information Commissioner’s Office) 12 step guide to the GDPR: https://ico.org.uk

Read our GDPR blog here: http://bit.ly/SIRE_GDPR