GDPR Key changes Guide
Have you heard about GDPR? Are you busy and don’t have time to read up on the new legislation? Don’t worry, we have created a helpful guide on the key changes to data protection legislation.
Increased rights for the individual
The EU has started the change to stronger data protection regulations to better protect individuals. If there has been a data breach which involves a person’s personal data, the individual has a right to be informed within 72 hours of having become aware of the breach. They also have the right to have their data deleted, or have its use restricted.
The individual must consent to any use of their personal data. This includes any collecting of data by companies: individuals must be informed before data is gathered. No more pre-ticked tick boxes that you need to untick. There now needs to be a positive, clear opt-in box.
Public authorities, and companies with over 250 staff, or dealing with sensitive data may need to have a data protection officer in place.
The fines for non-compliance will be increasing. The maximum fine for a consent breach will become £18 million, or 4% of global turnover if this is greater than £44 million per year. Non-consent breaches, meanwhile, are subject to an equally whopping £9 million fine (2% of global turnover).
Whilst a maximum fine will hopefully be rare, this will not prevent smaller, but still hefty, fines being imposed for less-serious breaches. Nor should we forget companies that have not breached but are found to be inadequate.
If your company does not have documentation in place to show that it is taking data breaches seriously, such as policies for processing personal data and risk assessments, it too will incur penalties, even if there is no actual data breach.
With new GDPR rules, all companies that work with personal data have a responsibility for misuse. You will need to be aware of any third-party data suppliers and how and when they gained their consent.
For more information please call us on 0800 028 8956 or email firstname.lastname@example.org