Date for your diary: Friday, 25th May, 2018. The reason? That’s the day that the General Data Protection Regulation (GDPR) comes into force, and it affects every business in the country, large or small.
GDPR applies to any personal and sensitive data processing carried out by organisations operating within the EU, or any non-EU businesses processing the data of EU citizens.
Judith Dool of Sedenco, which offers businesses consultancy advice on GDPR, recently gave a talk to WBG members. She said the new regulations put more emphasis on being accountable for, and transparent about, the basis on which you process data.
She reported that “under GDPR, you have a general obligation to implement technical and organisational measures to show you have considered and integrated data protection into your processing activities.”
The qualification is “person-identifiable and sensitive data”, which applies to all the information – emails, documents, files – which businesses hold on their files and systems about customers, suppliers and employees.
A few things to remember (and this list is not exhaustive!):
- You must have a valid lawful basis in order to process personal data
- You need to review privacy notices to ensure they will be compliant, and
- Appoint a data protection officer, if applicable.
The authorities are threatening significant penalties for those who do not adhere to the new rules – a fine of up to 4% of annual turnover, or 20 million Euros, whichever is greater!
Contact details: Judith Dool, Sedenco, email: firstname.lastname@example.org