GDPR: what it is, what is personal data, and who it will affect
The new laws will come into force on May 25
Posted: 16 May 2018
GDPR. A term we will all have heard being bandied around in recent weeks and months. But what is it all about?
With a little more than a week to go until the new laws come into force, we've put together this guide, with the help of Andrew Jackson Solicitors, to what you need to know about the new data protection laws.
Here's everything you need to know.
What is GDPR?
GDPR stands for General Data Protection Regulation. It is a law that will change the rules, regulations and business practices surrounding data protection dramatically.
For consumers, it brings new powers which require firms to get clear consent from users before processing their data, and it grants users a right to easily access the data collected from them, along with transparency on how it is being used.
Therefore, you are able to request copies of your data from any company, free of charge, and should have it supplied to you within a month.
When does it come into force?
The new rules come into force on May 25.
What are the key differences between the old legislation and these new regulations?
Mandatory breach reporting is now in place and fines are now set at a much higher level than they were previously.
For those who deal with data it's important to bear in mind that the requirements on consent are set at a much higher level than previously. Under the GDPR there is no such thing as an ‘implied’ consent and ‘opting in’ is mandatory.
Where should businesses look for reliable guidance on these issues?
The Information Commissioner’s Office (ICO) website contains step-by-step guides and information in plain English that we know many of our clients have found really useful.
What are the implications for businesses which fail to comply with the new legislation?
One of the main issues that this legislation hopes to address is the lack of consumer faith in how data is stored and used. The desire to improve this has been one of the drivers from the government, so we can expect enforcement to be a key part of these new regulations.
The regulators are seeking accountability from businesses, and the reassurance that they can demonstrate their compliance at any time. This is about more than just fines; it's about reassuring customers and stakeholders and protecting business reputation.
What steps should businesses take now?
The key thing is to get a handle on the data that your business holds and how it is used. For this, you will need to ask yourself several key questions, including:
- What data do we hold?
- How is it stored?
- How was it obtained?
- How is it used?
- Can we prove that consent was given for us to obtain it?
- Are any third parties involved in its usage?
This is a huge undertaking in itself, and one that cuts across several departments including HR, marketing and IT, so it’s important to make sure that you plan the process effectively and start as soon as you can.
If you’re unsure of the implications of the data you have gathered, and how it fits in with the new regulations, make sure that you seek legal advice.