The EU General Data Protection Regulation (GDPR) shall apply from 25 May 2018 and the day is fast approaching.
What you need to know:
- This new regulation applies to individuals in their private, public or professional roles
- What was considered as recommended guidelines will now be a mandatory practice
- What constitutes personal data? Any information that can be used to directly or indirectly identify the person: anything from a name, a photo, an email address, bank details, posts on social networking websites, medical information, or even a computer IP address.
- If you have any contacts in your database that are EU citizens, you have to comply – The GDPR not only applies to organisations located within the EU but it will also apply to organisations located outside of the EU if they offer goods / services to, or monitor the behaviour of, EU data subjects.
- Brexit: if you hold data about individuals in the context of selling goods / services to citizens in other EU countries then you will still need to comply with the GDPR
- Big fines: 4% of annual global turnover or €20 Million whichever is greater
- No more pre-ticked boxes
- Your sign-up form has to have clear and to the point language
- The right to be forgotten
- Proof of consent
- It should be as easy to withdraw consent as it is to give it
- Responses to data requests need to happen promptly (no longer than one month)
- Companies processing large volumes of personal data need to have data protection officers
I have to give a shoutout to IT Governance for their great infographic: