preparing for the general data protection regulation
TRANSCRIPT
What is the General Data Protection Regulation (GDPR)?
THE EUROPEAN COMMISSION INTENDS TO STRENGTHEN EXISTING DATA PROTECTION LAWS FOR INDIVIDUALS WITHIN THE EU WITH A NEW POLICY KNOWN AS THE GENERAL DATA PROTECTION REGULATION (GDPR)
When does the new regulation come into force?
IT IS EXPECTED THAT THE GDPR WILL COME INTO FORCE ON 25 MAY 2018
What are the key features of the legislation?
The law is complex, but three key points are:
• Organisations will need to report any loss of data, be that the loss of a laptop or memory stick or a serious cyber crime.
• Directors will be liable for ignoring or being complacent about data protection, especially personal data, which includes unique IP addresses and email addresses.
• Fines for non-compliance will increase significantly. There will be an upper limit of €20 million or 4% of annual global turnover, whichever is higher.
Who is affected by the new legislation?
Businesses
Businesses will need to show they are fully compliant with the new regulations. Failure to do so will result in hefty penalties.
Individuals
The new regulations will make it easier for individuals to make private claims regarding their data privacy and the way their information has been handled by organisations.
What do you need to do to comply with GDPR regulations?
MAKE SURE YOUR SYSTEMS ARE TRANSPARENT. BE SURE THAT YOU ARE ABLE TO ENFORCE THE POLICIES YOU ARE PUTTING IN PLACE
What should businesses be doing to prepare for the new legislation?
1) Review your existing information
Set up an information audit. Identify what personal data you currently hold. Check that your data storage and data handling are fully compliant with the new legislation.
2) Invest in technology
Identify any gaps in your existing technology. Invest in the latest firewalls, intrusion prevention and detection, and antivirus software to avoid a potential data breach.
3) Educate your staff
Every member of staff needs to understand that data security is part of their job, not just the responsibility of the IT team or the DPO (Data Protection Officer).
4) Consent
Ensure your systems are transparent and that your current consent policies are compliant. Understand how you are currently obtaining and recording consent within your organisation.
Storing personal data on children? Make sure you have clearly identified how you store and process consent of children, verify their age and obtain parental consent if required.
5) Cyber insurance
Review your insurance policy. More and more insurance companies are able to protect against business impact in the event of a cyber attack. Make sure your business is covered against a potential threat.
6) Recruit a Data Protection Officer
If you are a public authority, carry out large-scale systematic monitoring of individuals, or process large volumes of data relating to criminal convictions and offences, then you must appoint a DPO under the GDPR legislation.
Whatever your business, it is essential to make sure you have the right skills and sufficient staff to ensure your organisation is fully compliant.
Where can I go to find out more?
Find out more with the ICO’s (Information Commissioner’s Office) 12 step guide to the GDPR: https://ico.org.uk
Read our GDPR blog here: http://bit.ly/SIRE_GDPR