GDPR – Get Data Privacy Ready!
With the introduction of the most comprehensive Europe-wide data privacy legislation to date, the General Data Protection Regulation (GDPR), which applies from 25 May 2018, the main question in most business owners’ minds is “are we ready?”
This legislation replaces most of the provisions of the UK’s Data Protection Act 1998 (DPA) and the equivalent national data protection laws across the EU. Yes, it is a game changer; no, we shouldn’t fear it. GDPR is designed to give individuals greater and better control over their personal data by establishing a single set of rules across Europe. It also finally gives organisations a consistent approach to managing, processing and protecting personal data.
The continued and unstoppable growth of cyber-crime means organisations of all sizes need to rethink their approach to the security of information and data. Thinking you are ‘too big or too small’ to suffer a data breach or hack isn’t enough, and GDPR is a timely reminder of how important this is. Widely cited estimates put the proportion of small businesses that never recover from a serious data breach or cyber-attack at 60% or more. Everyone knows the importance of staying safe and secure in a digital world; under GDPR the consequences of a breach can include fines of up to 4% of annual worldwide turnover.
Attacks are becoming more sophisticated and stealthy, targeting people, networks and devices. There are many questions you should be asking yourself now, but to start: Do you know where your data is, and who has access to it? Do you meet your legal obligations, including the new GDPR, to keep data secure? Do you have a breach response plan, and have you tested it?
With the introduction of our Data Privacy Division at TenIntelligence, our primary focus is to help businesses be resilient, to protect themselves and their customers and to swiftly recover and resume operations if an attack or breach is suffered.
GDPR – the basics:
• GDPR introduces greater rights and choice for individuals, while imposing tighter controls and requirements on data controllers and processors.
• GDPR has extra-territorial reach. It covers organisations established in the EU, and also organisations outside the EU, wherever located, that offer goods or services to individuals in the EU or monitor their behaviour. The test is whether the data subjects are in the EU, not whether they are EU citizens.
• Brexit will not affect the application of GDPR in the UK: GDPR applies from May 2018, while the UK is still a member state, and the UK government has committed to retaining GDPR standards in UK law after it leaves.
• GDPR broadens the definition of ‘personal data’ to expressly include, inter alia, online identifiers such as IP addresses, cookie identifiers and device identifiers.
• It introduces much stricter rules for obtaining valid consent from data subjects: consent must be freely given, specific, informed and unambiguous, given by a clear affirmative action, and as easy to withdraw as it was to give.
• Mandatory Data Protection Impact Assessments (DPIAs, often called Privacy Impact Assessments) will have to be carried out before starting any processing that is likely to result in a high risk to individuals, for example large-scale profiling or systematic monitoring.
• Organisations will be required to apply the principles of ‘Privacy by Design’ and ‘Privacy by Default’ to all their processes and systems, building data protection in from the outset rather than bolting it on afterwards.
• Data subjects will acquire a new ‘Right to be forgotten’ (the right to erasure), alongside strengthened rights of access, rectification and data portability.
• Personal data breaches will have to be reported to the relevant supervisory authority (the ICO in the UK) within 72 hours of an organisation becoming aware of the breach, unless the breach is unlikely to result in a risk to individuals. Where the risk to individuals is high, the affected individuals must also be informed without undue delay.
• Penalties are substantial: fines can amount to the greater of 4% of an organisation’s annual worldwide turnover or €20 million.