General Data Protection Regulation (GDPR)

Part 1
 Over the course of three articles Agile will help you to understand the new GDPR regulations that will come into force on 25th May 2018.
 We’ll help you to understand the scope of the new regulations and your part in preparing your company to comply. Furthermore we’ll also explain what you have to do should you become aware of a future breach.
 
The Facts.
 Deadline: 25th May 2018
Affecting Who: All UK companies that hold “personal identification information”.
Affecting Where: All UK and European Union (EU) countries.
Affecting What: The “reasonable” measures you take to secure data and report breaches
 The Details.
 GDPR affects companies that hold “personal identification information”.
The following data would all fall under this general description.
  • Basic identity information such as name, address and ID numbers
  • Web data such as location, IP address, cookie data and RFID tags
  • Health and genetic data
  • Biometric data
  • Racial or ethnic data
  • Political opinions
  • Sexual orientation
 The GDPR directive requires that all companies hold such information must provide a “reasonable” level of data protection and privacy to all EU citizens. However the term “reasonable” is not well defined.
 One of the biggest and most important changes within the new legislation relates to a breach and therefore loss of this data. The new rules are that any such breaches must be reported to the supervisory authorities and the individuals affected within 72 hours of it being detected.
 Non Compliance.
 The GDPR allows for steep penalties of up to €20 million or 4 percent of global annual turnover, whichever is higher, for non-compliance.
 Next Time.
 Look out for Part 2 in which we’ll help you to review your current data security measures and plan any business critical actions in order to be ready.
Disclaimer
This article is for information purposes only and does not constitute legal advice. Therefore you may not rely on this paper as legal advice, nor as a recommendation of any particular legal understanding.