General Data Protection Regulation
The office of the Data Protection Commissioner Ireland has recently published a guidance note entitled “The GDPR and you – preparing for 2018.” It is the first in a series of documents to help alleviate concerns and facilitate a smooth transition to future data privacy standards.
There is even an easy-to-follow 12 step infographic to help you achieve compliance.
On 24 October 2016, the Secretary of State for Culture, Media and Sport, Karen Bradley, confirmed (Q72) that the UK will implement the EU General Data Protection Regulation (GDPR).
GDPR comes into force on 25th May 2018. Some elements of GDPR will be more relevant to certain organisations than others but in general the new directive means that businesses must:
- Understand where all data resides and ensure it is protected
- Appoint a data controller
- Carry out risk assessments
- Notify authorities within 72 hrs of a breach
- Implement appropriate systems to minimise risk
- Implement full data protection
The potential risks to organisations for non-compliance include fines of up to €20m or 4% of global turnover – whichever is greater.
If you are compliant with current law, then most of that should remain valid under the GDPR. However, there are new elements and enhancements which will need to be considered by all organisations involved in processing personal data.
The DPC states in the guide:
“It is essential that all organisations immediately start preparing for the implementation of GDPR by carrying out a “review and enhance” analysis of all current or envisaged processing in line with GDPR.”
It is important to note that the GDPR makes it easier for individuals to bring private claims against data controllers when their data privacy has been infringed. It also allows them to sue for compensation.
The DPC is encouraging companies to start the process soon as it will be more cost-effective.
Ireland: Download the guidance note via the Data Protection website
UK: More information available on the Information Commissioner’s Office