Published: 03/05/18 by Becky Ashton
You are probably fed up with hearing about GDPR; after all, every other email right now is alerting us to changes and asking us to recommit to the various newsletters and updates we signed up for.
The only good thing right now is that it’s the perfect time to clean up your inbox and declutter your life.
But despite all the talk of the changes in privacy rules, do you really know what they are?
The new rules, which come into effect on May 25th, will effectively put control of our personal data back in our own hands, which matters more than ever following the recent Facebook scandal.
The rules will give us access to our data and the ability to withdraw access to it and it stops companies gathering our data without a very good reason to do so.
What is even more important, though, is that companies have to be more responsible than ever when it comes to protecting the data they hold.
This is great news for everyone, because it seems there is a new data breach every week and the current punishments don’t seem to act as a deterrent.
When the new rules come in, non-compliance penalties could lead to fines of up to €20m or 4% of a company’s global annual turnover (whichever is higher), which will hopefully be enough to ensure businesses spend the money now to prevent penalties occurring.
GDPR also specifies that some businesses have to appoint a dedicated data protection officer, who sits outside of IT and the boardroom to ensure independence.
A data protection officer is mandatory in three situations: when the organisation is a public authority or body, or when the organisation’s core activities consist of either:
1. Data processing operations that require regular and systematic monitoring of data subjects on a large scale; or
2. Large-scale processing of special categories of data (i.e. sensitive data such as health, religion, race, sexual orientation, etc.) and personal data relating to criminal convictions and offences.
But despite thousands of businesses taking the appropriate steps, 45% of UK marketers have said their business is setting money aside to cover any potential fines issued under the new rules.
New research by data management platform Ensighten found that just 26% of respondents felt “very confident” that their data governance procedures were robust enough to be classified as compliant by May 25th.
61% of the respondents said that they would apply for an extension on the target date if there was an option to do so, while 7% said their business had not yet implemented any GDPR-related actions at all – despite having two years to do so!
If you’re one of the 7% who is yet to act, the UK Information Commissioner’s Office (ICO) has an easy-to-follow 12-step guide which lays out how to document data, know the rights of individuals, deal with subject access requests, obtain consent, lawfully process data, and what to do in case of a breach.