GDPR, or the General Data Protection Regulation, is coming in May 2018. Are you ready?
The new regulations will bring massive changes to how businesses collect, store and use personal data.
A few things the regulation will cover are:
- The right to be informed
- The right to erasure
- Breach notification
- The right to data portability
- Accountability and governance
Consent – A big one
Currently, businesses and individuals can use implied consent to collect your personal details. For example, if you give someone your business card, it can be assumed that by doing so you are consenting to them adding you to their email list. The new regulations will prevent this from happening.
From May 2018 onwards, a business or individual will have to receive informed consent before using your personal details. So, if they want you to sign up to their email list, they will have to give you the option to sign up yourself or get express permission that you would like to be on that list.
This will hopefully help reduce the amount of spam and phishing emails that everyone will receive.
Data Breach – Has your data been breached?
Another change the regulation will bring is the right to be informed of a data breach. When a breach occurs, the company will have to inform the ICO within a set number of hours. They will also have to contact all the customers affected and possibly pay fines. These fines are massive compared to current maximum penalties.
Controlling or Processing?
The regulations will look at two types of companies who handle data. First is the ‘Controller’, which is the business that decides the reasons behind collecting data and how to collect that data. Second is the ‘Processor’, which is the person or business that processes the personal information.
There is a good possibility that your business is both the Processor and the Controller, which means you must be up to date on the new rules before May or you could find yourself paying expensive fines. Any business that handles data on your behalf must also be compliant with the new regulations or, as the Controller, you could be found liable.
These regulations are currently part of the EU directive; however, even as Brexit goes through and the UK ultimately leaves the European Union, we will still have to abide by these new rulings.
Personal data does not just include names and addresses anymore. It includes anything that could identify a person, including email addresses, banking details, IP addresses, passport numbers, gender, ethnicity, biological information, and the list goes on.
So, are you ready for the changes it will bring?
If you are unsure about anything GDPR related then please get in touch. There is an online course available here.
If you are a student then please contact us to be provided with a discount code.
The course has been developed by Yasmine Lupin at Lawrence Lupin Solicitors. Yasmine has provided the following instructions to access the course after clicking the link above.
1. Press the resume button
2. Enter an email and password
3. Where LCATE appears insert LCATE.
Upon completion, students/employees will receive a certificate from LCATE. This is evidence that the employee has been trained and that one aspect of GDPR (amongst many) has been fulfilled.
Author: Christopher Mason – Business owner at CMIT Consultants
Originally posted on CMIT Consultants blog 01/01/2018