The General Data Protection Regulation (GDPR) is a new EU-wide regulation coming into force on 25th May 2018, following a two-year transition period. The purpose of GDPR is to improve and align data protection for all individuals within the European Union (EU).
These changes will be written into UK law prior to the UK's withdrawal from the EU, replacing the Data Protection Act 1998, as indicated in the Queen's Speech in July 2017.
The consequences of non-compliance are severe, with fines of up to £20 million or 4% of a company's global turnover from the previous financial year, whichever is higher. Fines are likely to be issued after a written warning of non-compliance and regular periodic data protection audits.
- Consent – offering individuals choice and control over what information they share and the choices they make. This means no more pre-ticked boxes or opt-in methods designed to confuse.
- Right to be forgotten – an individual has the right to obtain personal data concerning themselves without undue delay and can request its deletion.
- Data breach – all organisations will have a duty to report data breaches to the individuals affected as well as to the relevant supervisory authority.
- Controller – determines the purposes and means of processing personal data; for an agency such as ourselves this is usually our clients.
- Processor – is responsible for processing personal data on behalf of a controller; for our clients this is usually Webnetism.
- Personal data – any information relating to a person that can be used to identify them. This includes email address, name, mobile number and location, in both digital and manual records.
- Consent – freely given, specific, informed and explicit consent, by statement or action, signifying agreement to the processing of personal data.