So, firstly, what is GDPR?
It is a new EU regulation to bring data protection standards up to date to ensure that individuals in the EU are protected appropriately from privacy and data breaches.
GDPR was adopted by the EU in April 2016 and becomes effective on 25.05.18.
How does GDPR affect my business?
In general terms, all businesses that process personal data of individuals in the EU will have to comply with GDPR.
This will still be the case post-Brexit, as the UK government is introducing a new Data Protection Bill which will incorporate GDPR.
The types of personal data that GDPR covers include, although this is not an exhaustive list:
– Personal data held about clients, for example accounts, compliance documents or contracts
– Personal data held for marketing purposes
– Emails, both internal and external, and other electronic communications
There are also many misconceptions about GDPR, which have caused some confusion.
The scope of GDPR is misunderstood: it may, for example, affect organisations that are not registered within the EU, and this, together with the potential for large fines, has added to the confusion.
The Information Commissioner, Elizabeth Denham, has written a number of blog posts about GDPR to provide a proper insight into the legislation – see https://iconewsblog.org.uk/category/elizabeth-denham/
Most of the media attention concerning GDPR has been about the fines that could be imposed.
Rather than focusing on the fines, organisations would do better to understand GDPR properly, so that they adopt the correct procedures and avoid fines altogether.
In the next blog post we will look at setting up a GDPR Action Plan and what you can do now to prepare.