The General Data Protection Regulation in a Nutshell
The General Data Protection Regulation (GDPR) proposed by the European Commission will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU.
The “General Data Protection Regulation in a Nutshell” is written to advise you on the legislation, which is coming into effect in May 2018.
After more than three years of discussion, the EU General Data Protection Regulation (GDPR) framework has finally been agreed. This directive will replace the current 1998 Data Protection Act. As with most major legislative change, it will not be enforced immediately and will likely become compulsory in the first half of 2018. The main intent of the GDPR is to give individuals more control over their personal data, impose stricter rules on companies handling it and make sure companies embrace new technology to process the influx of data produced. Here are the major changes in the new legislation:
Expanded territorial reach
Companies that are based outside the EU but target customers in the EU will be subject to the GDPR, which is not the case now.
Consent
Consent to the use of personal data must be freely given, specific, informed and unambiguous. Consent is not freely given if a person is unable to refuse it without detriment.
Accountability and privacy by default
The GDPR has placed great emphasis on the accountability for data controllers to demonstrate data compliance. They will be required to maintain certain documentation, conduct impact assessment reports for riskier processing and employ data protection practices by default – such as data minimisation.
Notification of a data breach
Data controllers must notify the Data Protection Authorities as quickly as possible, where applicable within 72 hours of the data breach discovery.
Sanctions
This new legislation allows the Data Protection Authorities to impose higher fines – up to 4% of annual worldwide turnover. The maximum fines can be applied for discrepancies related to international data transfers or breach of processing principles, such as conditions for consent. Other violations can be fined up to 2% of annual worldwide turnover.
Role of data processors
Data processors will now have direct obligations to implement technical and organisational measures to ensure data protection; this could include appointing a Data Protection Officer if needed.
One stop shop
This legislation will be applicable in all EU states without the need to implement national legislation. Having a single set of rules will benefit businesses, as they will not need to comply with multiple authorities, streamlining the process and saving an estimated €2.3 billion a year.
Removal of notification requirement
Some data controllers will be glad to hear that the requirement of notifying or seeking approval from a Data Protection Authority is going to be removed in many circumstances. This decision was made to save funds and time. Instead of notification, the new directive requires data controllers to put in place appropriate practices for large-scale processing in the form of new technology.
Right to be forgotten
This change is one of the most useful for the average person managing their data protection risks. A person will be able to require their data to be deleted when there is no legitimate reason for an organisation to retain it. Once this is requested, the organisation must also take appropriate steps to inform any third party that might have any links to or copies of the data and request that they delete it.
This new directive has clearly been created acknowledging that people produce much more sensitive data than ever before. Managing data on a large scale can be risky for organisations if they do not plan out an appropriate strategy and update their systems to handle the influx. This kind of negligence can lead to data breaches or leaks.
Contact Novus Altair to help you to ensure compliance with the law, mitigation against the risk of regulatory fines and maintenance of a good reputation. For more information contact us directly at info@novusaltair.co.uk