The General Data Protection Regulation will apply in the UK from the 25th May 2018.
The Government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR. When the GDPR takes effect, it will replace the Data Protection Directive (officially Directive 95/46/EC) from 1995.
The penalties for non-compliance with GDPR are serious: up to €20 million or 4% of annual company turnover, whichever is higher.
Global Applicability - applies to organisations anywhere who control or process EU citizen data.
As a regulation, the GDPR is directly effective, and does not leave room for jurisdictional interpretation of all its rules.
For organisations, this is a whole new world. The current Data Protection Act lacks the teeth to really punitively affect wrongdoers. New powers will be given to the Data Protection Commissioner to impose fines up to a maximum of 4% of turnover/€20 million. Individuals will also be entitled to claim for compensation where they have suffered a loss.
The fundamental rights and freedoms of individuals to privacy must be balanced against the operations of the organisation. Risk assessments and in-built privacy considerations are to factor in every new approach taken by organisations.
The requirements for a Data Protection Officer, mandatory breach reporting and documenting compliance are pushing the onus onto data controllers and processors to prove they are taking individuals’ fundamental rights seriously.
Privacy has never been so challenged and technology has never been so advanced. Legislators are finally catching up.
The purpose of the GDPR is to implement tougher data security and privacy regulation amongst companies when it comes to protecting personal data.
It will be an extensive process for medium to large organisations to fully understand the key fundamentals, audit existing data protection measures and make sure all data collection and procedures are GDPR compliant.
Smaller companies, meanwhile, might be concerned about their ability to cope with this complicated responsibility and would benefit from specialist support and assistance to help with the workload.
Organisations will have to equip themselves with the appropriate alert systems to identify data breaches promptly, as these will have to be reported within 72 hours under the GDPR. In order to deal with all these legal requirements, it is important that someone is responsible for handling and processing personal data according to GDPR legislation.
It is critical that companies get the appropriate systems in place to ensure they will be compliant, and as soon as possible. Penalties for non-compliance are strict - up to €20m or 4% of global annual turnover, whichever is higher. Now is the time to get match-fit for GDPR!
Organisations waiting for the ICO to publish their final guidance and codes of practice may be too late.
Dynamic Edge have the expertise to manage and improve data security for any size of company and ensure you are GDPR ready.