Data published by the Office for National Statistics, which reveals that cyber-crime is the most prevalent and prolific threat to UK citizens today, emphasizes the importance of ensuring all staff are adequately trained to understand the precautions required to protect your business.
Adopted by European parliament on 14th April 2016Enforceable throughout the EU on 25th May 2018
Whom does it imply to?
In the Previous Data Protection Act it only applied to UK where as in GDPR it applies to everyone involved in processing data about individuals in the context of selling goods and services to citizens in the EU, regardless of whether the organization is located within the EU.
What to keep in mind if it implies to you?
In obtaining consent for data use, companies cannot use indecipherable terms and conditions filled with legalese. It must be as easy to withdraw consent as it is to give it.
In the event of data breach, data processors have to notify their controllers and customers of any risk within 72 hours.
Right To Access
Data subjects have the right to obtain confirmation from data controller of whether their personal data are being processed. Data controller should provide an electronic copy of personal data for free to data subjects. Free electronic copy of data is to be provided.
Right To Be forgotten
When the data is no longer relevant to its original purpose, data subjects can have the data controller to erase their personal data and cease its dissemination.
Allows individuals to obtain and reuse their personal data for their own purposes by transferring it across different IT environments.
Data Protection officer
Professionally qualified officers must be appointed in public authorities, or organizations that engage in large scale
(>250 Employees) systematic monitoring or processing of sensitive personal data.
What if implied and not followed?
Impacts on business
- Restriction on commercial data use
- Compliance spending
- Inspire trust and confidence
- Safe guard consumer data security rights
The government has confirmed that the UK’s decision to leave the EU will not affect the commencement of the GDPR.