Why GDPR Might Not be the Mammoth Task You Expected
15 March 2017 00:00
Not a day goes by without seeing a plethora of posts and articles on social media, blogs and news sites on GDPR - the General Data Protection Regulation. So here’s another one!
Let us recap. GDPR is the most significant development in data protection that Europe has seen over the past 20 years. The regulation is intended to enable individuals to better control their personal data. It is hoped that these modernised and unified rules will allow businesses to make the most of the opportunities of the Digital Single Market by reducing regulation and benefiting from reinforced consumer trust.
Regardless of Brexit, the UK Information Commissioner's Office (ICO) have confirmed that GDPR will still be adopted.
There is some trepidation and angst amongst organisations, mainly due to the hype and constant social media coverage, which tends to focus strongly on the new fines. To be fair, these are pretty eye-watering for any organisation!
Regulators will now have authority to issue penalties equal to the greater of €10 million or 2% of the organisation's global gross revenue for violations of record-keeping, security, breach notification, and privacy impact assessment obligations.
Violations of obligations related to the legal justification for processing (including consent), data subject rights, and cross-border data transfers may result in penalties of the greater of €20 million or 4% of the entity's global gross revenue.
Scary stuff. However, our take is that if your business is already compliant with the Data Protection Act, then although some considerations and changes will need to be made to become compliant with GDPR, it may not be the mammoth task that you perceive. As long as your employees "give a damn" about data protection, your business will be all set for GDPR.
The UK ICO (Information Commissioner's Office) are committed to assisting individuals and businesses in understanding the requirements of GDPR and are continuously updating their guidance on the ico.org.uk website.
Before you engage with a supplier or GDPR specialist, understand your current approach to compliance with the Data Protection Act, read the latest guidance from the ICO and try to work out the key differences in GDPR and how they will impact your business. Any new legislation or changes in compliance requirements can be frightening, but do your homework, engage with the right supplier if needed, and make the required changes.
Finally, educate your employees. If everyone has a good understanding of what GDPR is, your organisation's approach to GDPR, and their responsibilities as an employee, then the risk of a data breach and potential fine will certainly be reduced!