The General Data Protection Regulation is now less than six months away. Has your business taken action?
The GDPR actually became law in April 2016, but given the significant changes some organisations will need to make to align with the regulation, a two-year transition period was included. Organisations should not expect any grace period from regulators beyond 25th May 2018. Some EU member state regulators have already gone on record to say there will be no enforcement holiday for organisations that fail to comply.
What are the main requirements?
- Transparency, fairness and lawfulness in the handling and use of personal data. You will need to be clear with individuals about how you are using personal data and will also need a “lawful basis” to process that data.
- Limiting the processing of personal data to specified, explicit and legitimate purposes. You will not be able to re-use or disclose personal data for purposes that are not “compatible” with the purpose for which the data was originally collected.
- Minimising the collection and storage of personal data to that which is adequate and relevant for the intended purpose.
- Ensuring the accuracy of personal data and enabling it to be erased or rectified. You will need to take steps to ensure that the personal data you hold is accurate and can be corrected if errors occur.
- Limiting the storage of personal data. You will need to ensure that you retain personal data only for as long as necessary to achieve the purposes for which the data was collected.
- Ensuring security, integrity, and confidentiality of personal data. Your organisation must take steps to keep personal data secure through technical and organisational security measures.
Does the GDPR apply to my organisation?
The GDPR applies to:
- the processing of anyone’s personal data, if the processing is done in the context of the activities of an organisation established in the EU (regardless of where the processing takes place);
- the processing of personal data of individuals who reside in the EU by an organisation established outside the EU, where that processing relates to the offering of goods or services to those individuals or to the monitoring of their behaviour.
- The EU is often viewed as a role model on privacy issues internationally, so we also expect to see concepts in the GDPR adopted in other parts of the world over time.
- The GDPR applies more broadly than might be apparent at first glance. Unlike privacy laws in some other jurisdictions, the GDPR is applicable to organisations of all sizes and all industries.
Partnering is the most effective way to ensure that your business is ready for GDPR in May 2018. We can work together to ensure your business is compliant with the new laws.
Contact us for more information. Telephone 0845 606 1000 or email email@example.com.