Unless you have been living under a rock, you will most definitely have heard about the new GDPR rules which came into play in May 2018. The General Data Protection Regulation (GDPR) is an important piece of legislation which affects organisations greatly. Here at IT Outcomes, we have a whole range of GDPR services and GDPR consultancy operations to help you to understand the new rules and become compliant. Here are our top five things to be aware of when it comes to GDPR and your business.
GDPR applies to you: The GDPR applies to all businesses worldwide which process personal data of European Union citizens. This is the first time that the European Commission has exported data protection principles to the rest of the world. This essentially means that any company working with information relating to EU citizens will have to comply with the GDPR requirements. This means that all companies around the world will need to take their data privacy more seriously than before.
The GDPR has a broad definition of personal data: Whilst the definition of “personal data” has always been broad, the GDPR widens it even more, with new sorts of personal data now included in the regulation. Some parts of IT which have not previously been affected by data protection laws will now need attention to make sure they are compliant. The GDPR includes any data which could be used to identify someone, such as genetic, mental, cultural, economic or social information.
Valid consent is now crucial: Having the ability to prove you have valid consent to use personal information is one of the biggest challenges for businesses. Organisations must ensure they use simple language when asking for consent to collect personal data; it needs to be crystal clear how and why you will be using an individual’s personal information. The most important thing to remember is that silence or inactivity no longer constitutes consent.
The Right to Be Forgotten: The GDPR introduced a stringent data handling principle – organisations MUST delete the data of any person when they request the deletion. You must gain fresh consent before you can alter the way you use the data that’s been collected too.
Hefty fines for non-compliance: The enforcement of GDPR rules is backed with significant fines of up to €20m or 4% of group annual global turnover (whichever is higher). The good thing is that businesses will only have to deal with one supervising authority rather than a different one for each EU state. This will make it simpler for organisations to handle the administration of the new rules.
As you can see, there is a lot more for businesses to be concerned about when it comes to data protection and privacy. If you feel that all this is somewhat beyond you, why not book a meeting with our GDPR specialists here at IT Outcomes? We can help your business become as compliant as you possibly can, with our expert knowledge and structured GDPR compliance services to help organisations large and small. Contact us today to find out more!