The EU’s General Data Protection Regulation – GDPR – kicks into action in May 2018, so it’s really important that you start familiarising yourself with the changing legislation now!
The new legislation is being brought in as a data protection act to change the way companies are storing and using data.
Until May 2018, the UK relies on the Data Protection Act from 1998. But this new legislation will supersede this data protection act. GDPR is the new act which companies must adhere.
Not only does GDPR introduce tougher fines for non-compliance and breaches, it also gives people more say over what companies can do with their data.
So who does the GDPR apply to?
GDPR refers to two types of individuals. ‘Controllers’ and ‘processors’ of data. These are the primary focus for the new legislation. For clarification, a data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. To add context, a controller could be any company, charity or government that are profit-seeking. And a processor could be any IT firms conducting the actual data processing.
Even if you are a controller or processor based outside the EU. If your using personal data from EU residents you must still comply with the GDPR legislation.
How does the GDPR define ‘consent’?
Under the GDPR, “consent” of the data subject means any freely given, specific, informed and unambiguous indication of the data subject’s wishes by which he or she, by statement or by a clear affirmative action, signifies agreement to the processing of personal data relating to him or her.
Requests for consent can no longer be hidden in small print. It must be presented clearly and separately to the other policies on your website, and no more pre-ticked consent boxes.
Customers and employees alike must give active consent rather than a passive acceptance which is all that is required under the current legislation.
Controllers will have new responsibilities and must keep a record of the how and when individuals gave consent, and ensure each individual can withdraw their consent at any time. If your business model doesn’t meet the new rules set by GDPR you have an obligation to update it or stop collecting data in May 2018.
Will the GDPR apply to my business?
These new GDPR legislations apply to any business that processes the personal data of EU citizens. The personal data includes that of customers, employees, suppliers and partners.
Firstly, you (as a business) will need to outline how often you deal with personal data. If you’re collecting the data routinely, you must comply with the GDPR. Whether you choose to collect the data on a spreadsheet, on your work phone or in the cloud.
The way we collect, process and store data is changing, and there isn’t much time before the rules change. It’s important to start the ball rolling now, to ensure your company isn’t hit by fines later in the year.
Share and enjoy
If you have any questions or comments about this post, please fill in the comment box below. Or send me an email: firstname.lastname@example.org. To find out more about bOnline, please visit our website.