Who knew that 4 letters could temporarily turn the world upside down?
It’s okay, you’re safe here.
No doubt you’ve noticed the countless posts and opinions on the new GDPR regulations. You may have even seen people flailing on social media, asking for help, writing their wills and bombarding their advisors with phone calls.
But let us get you out of that war zone and tell you how it really is.
Understanding the rules of the GDPR (General Data Protection Regulation) can be puzzling: there are so many big words flying around, people are saying one thing and meaning another, and it really is exhausting. That’s why we have put together a blog post that describes the new GDPR in a much simpler way. Gone are the days of worrying; instead, allow us to help you understand how to abide by this new rule in less than 1,000 words.
What is the General Data Protection Regulation?
The EU has now introduced a new Data Protection Act, which states that it will impose heavy fines and penalties on companies that do not abide by its exact rules. This update will provide customers with the ability to have a say in what businesses do with their personal data, including their emails, phone numbers and address information.
Basically, all it does is give the public more control over how companies manage their personal data.
All the EU wants to do is prevent the exploitation of personal data. With an ever-growing internet, data can quite often be manipulated and misused, and that is where GDPR has stepped up and fought back.
GDPR has been around for a few months now, and people have realised it’s not as daunting as it was made out to be
GDPR came into effect around May 2018. To ensure you meet all standards, you can request help from IT professionals if you really want to, but you can simply manage it all yourself; it’s much easier than you realise.
All you have to do as a business owner is safely store your customers’ data and keep the records for at least 5 years, and if Joe Bloggs calls asking for you to de
Who is affected by the new GDPR?
Companies that control or process data on a regular basis are liable under the GDPR; this includes everything from charities to government facilities. IT professionals who manage the actual information will also be required to follow the new rules. Whether the controllers and processors are based inside or outside the EU, they still need to play by the rules of the EU’s new GDPR law in order to remain free from penalties.
What counts as personal data under GDPR?
The EU has recently expanded the list of what counts as personal data. Under the new regulation you will need to make sure that IP addresses, economic, cultural and mental health information, and contact details are stored securely, and you must gain consent for this information in an informative way, so the customer knows how their information is being used.
What is the ‘right to be forgotten’?
People have the right to demand that their data be removed at any time if they no longer wish to receive information from you or no longer need your service. Furthermore, under this rule they can ask for their information to be erased completely if they have withdrawn their consent for their data to be retained.
What do you do if you suffer a data breach?
If this happens, your company must inform the Data Protection Authority if you believe the breach puts your clients’ rights and freedoms at risk. You must do this within 72 hours of becoming aware of the circumstances; failure to do so could result in a fine.
Within this same time frame you must also tell the owners of the details that their information is at risk. Failure to comply with this could result in a fine of £20 million or your worldwide revenue, whichever turns out to be higher.