By Takudzwa Gezi
You may have recently heard a lot in the media about the ‘GDPR’. So what’s all the fuss about?
Background to the GDPR (General Data Protection Regulation)
With less than 5 months left, the deadline of the GDPR is fast approaching.
The GDPR (General Data Protection Regulation) replaced the Data Protection Directive in April 2016 and will be enforced from the 25th of May 2018. But why the replacement after 20 years, you may ask? In contrast to the Data Protection Directive, the European Commission designed the GDPR to harmonise data protection laws across Europe, thus reshaping the way organisations across the globe approach the data privacy of European citizens.
Does the GDPR apply to the UK since it will no longer be in the EU?
The UK will not be exempt from the GDPR.
To some, this may come as unexpected. The GDPR applies to any company around the globe that works with EU citizens’ data, thus making it the first global data protection law. Organisations that do not comply can expect hefty fines of up to €20m or 4% of the organisation’s annual global turnover, whichever is greater.
So what exactly are the GDPR requirements?
The European Commission has outlined the 7 GDPR requirements that organisations must adhere to by the 25th May 2018 if they are not to face these hefty fines.
Consent:
• When obtaining consent, terms and conditions must be simple for the customer to understand.
Breach Notification:
• Processors have a 72-hour period to report any breach of data to controllers and customers.
Right to Access:
• Customers have the right to enquire about their data and get a free electronic copy of their personal data.
Right to be Forgotten:
• If data is no longer relevant to its initial purpose, customers can demand that the data be erased.
Data Portability:
• Allows customers to obtain and reuse their personal data for their own purposes by transferring it across different IT environments.
Privacy by Design:
• Taking Data Protection into consideration when designing systems, and implementing appropriate technical and infrastructural measures.
Data Protection Officers:
• Qualified DPOs must be appointed in large organisations that handle data.
What’s to come…
So the EU has already put the GDPR in place, with enforcement coming this year on the 25th of May. It is now time for organisations to start asking themselves some key questions if they are to be successful: What personal data do we collect? Who handles our personal data? Why do we have this personal data? Where do we store the data? When do we dispose of unnecessary personal data? Answering these questions will in turn help organisations on their way to compliance before the 25th of May 2018 GDPR deadline.
LinkedIn: Takudzwa Gezi