Just like winter, GDPR is coming. And just like White Walkers, GDPR is coming for everyone (in Europe). However, GDPR isn’t a popular T.V. show that you can change the channel on, but a huge regulation that comes into force on the 25th May 2018 – giving businesses and enterprises alike less than a year to get themselves sorted. Every organisation that processes customer data will be required to take responsibility and accountability for the use of said data.
If you’re an organisation that stores, handles or processes personal data (otherwise known as the ‘controllers’ and the ‘processors’), you need to abide by the new regulation. Personal data can include anything from information provided to you by an individual, data observed as online identifiers, data accumulated through complex processing, browsing history, social media posts and transactional history. As a company, you need to ensure you take steps to minimise the risk of breaches and uphold the protection of all held personal data.
If you don’t adhere to the new regulation, the penalties are quite tough! By not following the new rules, your business could face a fine of up to either 10 million Euros or 2% of the company’s global revenue, whichever is more. Then, it gets worse. If the rights and freedoms of the data subjects are violated, including those who fall victim to hacking and other breaches of personal data, you can see those previous penalties being doubled. That’s right, your company, if it doesn’t adhere properly to the rules, could be looking at a €20 million fine – or 4% of the global revenue. Gulp.
GDPR very graciously gives you 72 hours to report a breach. This isn’t just loss of data either; it includes any unauthorised disclosure of personal data, any access to personal data, and any alteration, destruction or loss of personal data. This MUST be disclosed within the mandated time period.
GDPR extends additional rights to individuals in the EU, including the right to be informed about the use of their personal information, the right to have access, to erase and to transfer their personal data.
It’s all about trust. It’s about ensuring that the companies handling the personal data of their customers, their employees, their partners, their aunt’s husband’s brother’s daughter – handle it with sensitivity, care and respect.
Aside from us, the most reliable source of information on GDPR can be found on HM Government’s website.
To check if your own cookie & privacy statements are acceptable, please give us a call, or reach out via our contact page.