Written by Alex McKay, IRIS
The General Data Protection Regulation (GDPR) is replacing the Data Protection Act 1998 from 25th May 2018. The introduction of the GDPR will harmonise data protection laws across the EU and will update the current regulations to take full account of globalisation and the ever-changing technology landscape.
In this data-driven world, with the ability to share information across the globe in a matter of seconds, it’s no surprise that there are calls for stronger data security among organisations when it comes to protecting personal data. The introduction of the GDPR aims to revamp, modernise and strengthen the core values of the Data Protection Act 1998.
Despite Brexit negotiations, the UK government has revealed its commitment to new data protection rules in the UK, with the Queen revealing in her speech that the UK would retain its “world-class” data protection regime.
What are the UK’s key priorities for the GDPR?
- Ensuring data protection rules were “suitable for the digital age”
- “empowering individuals to have more control over their personal data”
- Giving people the “right to be forgotten” when they no longer wanted a company to process their data
- Modernising data processing procedures for law enforcement agencies
- Allowing police and the authorities to “continue to exchange information quickly and easily with international partners” to fight terrorism and other serious crimes
Five ways changing data protection laws will affect your business
- Employers need to notify and provide key information to the data protection authority within 72 hours of any breach.
- Significant fines of up to €20 million or 4% of the business’s annual turnover, whichever is greater, for any data breach.
- Right to Access gives data subjects the right to obtain from the data controller confirmation as to whether or not personal data concerning them is being processed, where and for what purpose.
- If the request is made electronically, the controller needs to provide a copy of the personal data, free of charge, in a commonly used electronic format.
- Right to be Forgotten entitles the data subject to have the data controller erase his/her personal data.
What’s next for your business?
Whether this is the first you’ve heard of the GDPR or you’ve already started planning, it’s important to know where you stand and how well-placed your business is before May 2018.
A great starting point would be to complete the 12 steps to GDPR created by the Information Commissioner’s Office (ICO). The ICO is a non-departmental public body which reports directly to Parliament. Completing the 12-step checklist will highlight the main differences between the current law and the GDPR, leaving you ready to tackle GDPR head on.
Written by Alex McKay, IRIS Software Group, HCM Division.