What is GDPR?
What is GDPR and will it affect your company?
Smile Backup Authored Content
The General Data Protection Regulation (GDPR) is the replacement for the Data Protection Act of 1998 (DPA), and will come into effect on the 25th of May 2018. The DPA is almost 20 years old, and with the constantly changing technological landscape today, it has become outdated. The nature of sensitive or personal data is changing to become more relevant to our Digital Age, and the GDPR sets the standards for EU countries, and those with data on EU citizens, to follow.
Sensitive data is no longer the rigid concept it was with the DPA, and is becoming better defined with every iteration of GDPR. Simply speaking, sensitive data is any data which can be used to identify an individual. This covers everything from medical records to retinal scans to IP addresses to political inclinations. GDPR brings all of this together in an enforceable, and fineable, law which will be followed by the EU and UK, regardless of Brexit. Even companies not based or operating within the EU, such as Facebook, are subject to its laws if they are using data about EU or UK citizens.
Each individual has more rights with GDPR than with the DPA, with the main ones relevant to businesses being the Right to Erasure, and the rights to access and object. The Right to Erasure is the ability for any individual to request that their data be purged from a given system, requiring infrastructure which many businesses simply did not have previously. Deleting someone's records may seem like a simple thing to do, but many businesses do not have a centralized directory, and the fines for not acting in a reasonable time can be as much as that for a data breach: up to 20 Million Euros, or 4% of the global annual turnover of the company. The fines for going against GDPR will put many businesses into bankruptcy, and preparations should be made sooner rather than later.
There are many rights which will come into effect with GDPR, most of which will affect businesses in some way. These rights are outlined here, but knowing which rights will affect a business is tricky. If a company is unsure about GDPR, we here at Smile can offer expert advice and guidance on GDPR compliance for businesses of any size. Our data centre and co-locations are fully GDPR compliant, and our ISO 27001 accreditation shows that our company can be trusted in all matters of data security.
GDPR is already changing the core concepts of many companies, with marketing being the most affected so far. The main hindrance for these companies is that of opt-in only data collection and usage. The DPA allowed opt-out as default, where a business could assume that the user allowed them to use their data until told otherwise. GDPR is the opposite, where businesses will have to get permission from a user before using or storing any of their data. For companies which purchase their data in bulk through third-party resellers, this is a major issue which needs to be tackled long before the 25th of May.
Further information on GDPR can be found on the ICO website here.