By teknet on Tuesday 20th February 2018, 2:10pm
The new General Data Protection Regulation (GDPR) will come into force on the 25th May 2018. If organisations are found to be non-compliant on or after this date then your company will face legal action. Organisations can be fined up to 4% of annual global turnover, or €20 Million (whichever is greater). This new legislation replaces the existing 1995 Data Protection Directive 95/46/EC. Our data-driven world has changed enormously since 1995, therefore a more up-to-date regulation was inevitable.
The impact on businesses will be huge and it will permanently change the way that personal data is collected, stored and used.
What is GDPR designed to do?
GDPR is “…designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations approach data privacy.”
What is Personal Data?
Personal data is any information related to a person or ‘Data Subject’ that can be used to identify the person. Including a name, a photo, an email address, bank details, posts on social networking websites, medical information, or a computer IP address.
Increased Territorial Scope
The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods or services to, or monitor the behaviour of, EU data subjects. It applies to all companies processing and holding the personal data of data subjects residing in the European Union, regardless of the company’s location. Non-EU businesses processing the data of EU citizens will also have to appoint a representative in the EU.
Penalties
Organisations failing to prove compliance to GDPR can be fined up to 4% of annual turnover, or €20 million (whichever is greater). A tiered approach will be taken with regards to fining, for a fair and open fining process.
Consent
Consent must be provided in a clear, intelligible and accessible form. The language used must be plain and clear for people to understand and withdrawal of consent must be as simple as the process of giving consent. People must be able to withdraw consent at any given time.
How Can Teknet Help?
It’s In Your Hands
Teknet will guarantee that your website conforms to all GDPR obligations. Nevertheless, there are still tasks you must carry out to ensure that your organisation is 100% GPPR compliant.
Make sure that your organisation has a data breach process in place. Data breaches must be reported within 72 hours. In addition to this, it is said that organisations who process data on a significant scale should appoint a Data Protection Officer (DPO), although Teknet recommends appointing a DPO regardless of the size of your organisation.
A data audit which tracks first, second and third-party processors is a good way to consider where you capture data and what sort of information is contained. You need to ensure that you hold a copy of third-party data processors and that you have a copy of their privacy policy. Your third party processors (for example: Mailchimp, Facebook and Salesforce) need to be GDPR compliant. Your Privacy Policy must clearly state what data you hold and how you’re storing and using it, the third-party processors you share the data with and the process of subjects to request sight of the data and to have it completely deleted if they request. If you get a request to delete data, this must be done within 30 days.
A Final Thought
The impending GDPR legislation is a concern for all businesses, regardless of their size or power. The general public will be no longer quite so vulnerable in the vast and threatening cyber world thanks to GDPR. The changes being introduced with GDPR will influence your entire business and its processes. The Information Commissioner’s PDF Guide is a great source of reference, helping organisations understand and implement GDPR compliance.
The GDPR legislation will change the way your entire business is run. With regards to your website and digital marketing – we are here to happily help. Contact us today for more information on becoming GDPR friendly, let’s ride the waves of change together.
As well as GDPR-Compliance, Teknet Software offers a variety of services – check out our Services page for the full list!