
European General Data Protection Regulation (GDPR) Factsheet

The new European General Data Protection Regulation (GDPR) will come into force on 25 May 2018, replacing the Data Protection Directive of 1995. As a Regulation rather than a Directive, it does not require national governments to pass enabling legislation and is therefore directly binding and applicable in every Member State. It is intended to strengthen and unify data protection for all individuals within the European Union and to harmonise data protection law across the EU.

Some key points:

Personal Data has been refined

The GDPR adopts a strict and broad definition of personal data: any information relating to an identified or identifiable living individual, whether the person can be identified from that information on its own or in combination with other data. This expressly includes online identifiers, location data and genetic and biometric data.

New Individual Rights

Organisations will have to tell individuals the purposes for which their data are collected and how long the data will be retained. Where processing relies on consent, that consent must be specific to the stated purpose, so a proposed new use of the data requires fresh consent.

Individuals will have greater control over their personal data, including the right to access it, to have it rectified, to request its erasure (the "right to be forgotten") and to receive a copy in a portable format.

They will also have the right to object to certain types of processing, for example profiling for direct marketing purposes.

Mandatory Breach Notification

Under the new Regulation, organisations are required to report a personal data breach to the supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to individuals. Where the breach is likely to result in a high risk to the individuals concerned, they must also be informed without undue delay. The data affected, and the security measures in place at the time of the breach, must then be evaluated to assess the consequences and to ensure future compliance.

Financial Repercussions

The consequences of non-compliance will be severe, with steep fines being put in place. For the most serious violations, organisations can be fined up to 4% of annual global turnover or 20 million euros, whichever is higher (a lower tier of 2% or 10 million euros applies to other breaches). The previous maximum penalty in the UK was £500,000.

Joint Responsibility

Data controllers (organisations that collect individuals' data and decide how it is used) and data processors (organisations that manage, modify, store or analyse that data on behalf of, or in conjunction with, controllers) are both responsible for complying with the new rules. Processors, who previously had no direct statutory obligations, can now be held liable in their own right.

Information Governance

Organisations are required to actively track how and where personal data are stored and used, and to keep records of their processing activities. Data protection must be built into products and processes from the outset ("privacy by design and by default"), supported by risk management tools such as data protection impact assessments for high-risk processing. A Data Protection Officer must be appointed by public authorities and by organisations whose core activities involve large-scale, regular and systematic monitoring of individuals or large-scale processing of sensitive categories of data.

If you would like any additional information regarding this article, please contact Nazia Riaz or a member of our commercial team on 01905 721600.
