On the 25th May 2018 the General Data Protection Regulation (GDPR) will come into effect. This regulation is intended to strengthen and unify data protection for all residents within the European Union. The new regulations apply to any company worldwide that deals with the personal data of consumer or business customers.
The new regulations come with a significant fine regime for those companies failing to take the correct steps to protect the data of their consumer or business customers. This fine can up to 4% of global turnover or €20m, whichever is greater.
GDPR key issues
There are a number of areas that businesses must focus upon to prepare themselves for this change. Some of the key issues that businesses need to consider are:
- Identify personal data – note and control all data that might be used to identify an individual
- Ensure valid consent from customers – organisations will need to prove clear and valid consent for the purpose for which the data is being gathered and not change that purpose without gaining further consent. Organisations will need to be able to easily show what data has been collected and the consents gained for its use
- Confirm whether you need to appoint a Data Protection Officer – it is likely that any organisation that, as part of its activities, depends on processing large volumes of personal data will need to appoint a DPO
- Consider Privacy Impact Assessments – assessments will need to be carried out where privacy breaches are high. So, if a project is likely to impact on processing activities then an impact assessment will need to be undertaken
- The right to be forgotten – Individuals can request for data to be removed and organisations cannot hold data for longer than necessary
- Privacy by design – data must be permanently deleted where requested, with no copies held
For more background on how to prepare for GDPR, read this paper from the Information Commissioners Office, 12 steps to take now.
Salpo GDPR Compliance Assistance Tool
We have developed the Salpo GDPR Compliance Assistance Tool to help you meet this regulatory challenge.
Our tool provides data management tools and an online portal for customers to view and self-manage their data.
With automated compliance processes and a self-serve toolset you no longer have to be inundated with Right To Know requests.
Learn about how the Salpo GDPR Compliance Assistance Tool can help you.