The New GDPR Laws, and How They Affect You.
No doubt you’ll have seen the media coverage of the General Data Protection Regulation (GDPR), and you may be wondering how it affects you and the way we store your personal data. We thought we’d give you a brief breakdown of the new rules and regulations.
If you have any additional questions or would like to know what information we hold, please give one of our team a call.
What’s it all about?
The EU is looking to bring data protection regulation into the modern era. Data is now used in ways that could not have been predicted almost 20 years ago, when the original Data Protection Act was brought into law by the UK Government.
Of key importance to the citizens of the EU, which still includes the UK for the time being, is the far greater say it gives you over how your information is to be used.
There are also much tougher sanctions for companies that don’t comply with the new regulations, which can only really be considered a positive when you look at the number of data leaks we’ve seen over the past few years.
Who does it apply to?
Basically, the new regulation applies to any company or organisation that handles the personal data of anyone living in the EU. Whether it is a ‘controller’ (deciding why and how the data is used) or a ‘processor’ (handling the data on a controller’s behalf), it must abide by the new rules.
The regulation applies even if the company itself is not based within the EU, so long as it handles the personal data of people in the EU.
The implications of a data breach.
In the case of a data breach, the company involved must take certain steps as laid out in the GDPR. The controller must notify its data protection authority (in the UK, the Information Commissioner’s Office), and where the breach is likely to result in a high risk to the people affected, it must also tell those people directly, without undue delay. A processor that discovers a breach must inform the controller without undue delay.
The notification to the authority has to be made within 72 hours of the company becoming aware of the breach, wherever that is feasible; if it is made later, the company must explain the delay, and information that is not yet available can be supplied in phases. The authority will want to know what happened, approximately how many people and records have been affected, the likely consequences, and any and all measures the company has taken or proposes to take to deal with the breach.
Missing the 72-hour deadline, or failing to notify at all, is itself a breach of the regulation and can attract a fine of up to 2% of the company’s worldwide annual turnover or €10 million, whichever is higher.
So, for companies that hold personal data on people in the EU, the rules have become a lot tighter, and that means better protection for your data than there has ever been before.