Today’s blog takes a question-and-answer format with our resident legislation expert and Head of Operations, Jason Atcheson.
We caught up with Jason to discuss the incoming General Data Protection Regulation (GDPR).
Q: First up, what is GDPR?
A: The GDPR is a ruling intended to protect the data of citizens within the European Union.
Q: What data does GDPR cover?
A: GDPR covers a wide range of data, which includes name, photo, email address, social media posts, personal medical information, IP addresses and bank details. If a piece of data can be used to identify a person, chances are it is covered under GDPR.
Q: How does Brexit impact this for UK companies and data?
A: Every indication is that Brexit will not have an impact; all businesses should ensure they are complying with GDPR regulations.
Q: When do businesses need to be compliant by?
A: Businesses need to be compliant by 25th May 2018.
Q: Can you try to explain exactly what businesses have to do in the simplest terms possible?
A: The way I understand it, and bear in mind the definition has changed a few times, is that GDPR dictates that companies must implement appropriate measures in relation to the nature, scope, context and purpose of their handling and processing of data. These measures must be both technical and organisational.
Also, businesses must gain consent from any individual whose data is held and these individuals have the right to withdraw consent. If the data is no longer required for the reason it was obtained, an individual has the right to exercise their right to be forgotten, whereby their data must be deleted.
Q: How about all the hacks that seem to be in the news every other week, does GDPR protect us from that?
A: Well, GDPR does have legislation in relation to data breaches, but just because your business is GDPR compliant does not make you less likely to be hacked. What GDPR does cover in relation to hacks is that all data breaches must be reported to a Supervisory Authority within 72 hours, and the individuals affected as quickly as possible.
Q: So what happens to businesses that don’t comply?
A: Simply put, big trouble! Fines can rack up to millions of pounds.
So there we have it, GDPR in a nutshell!