What effect will the GDPR have on data protection law across the EU?

What is the General Data Protection Regulation (GDPR)?

Like many professionals working in a small or medium business I couldn’t help but think what’s all the fuss about this new data protection legislation?

Surely it can’t be much different to the current legislation so why does it seem like it is following me everywhere I go these days?

I decided to do some research on the topic and I soon realised the effect that it could have on our business and our clients.

I knew we needed someone in-house that would take this onboard, so I approached our CEO with my concerns.

Little did I know at that stage what I was about to get myself into…

Being the head of finance I wasn’t really expecting his response to be “Ok, off you go and become a GDPR Practitioner so you can lead us through these murky waters.”

Great! The joys of working in an SME where one man’s head can carry 20 men’s hats!

I enrolled on the EU GDPR training programme and after passing two intensive exams I became Zymplify’s official GDPR guru.

Was it worth it? Of course!

GDPR – Data Protection for the Social Media Age

The GDPR is an update to the current UK Data Protection Act. When it comes into effect on 25 May 2018 it will have an impact on all businesses and how everyone deals with data.

In short, the current legislation is outdated and in dire need of a revamp.

Consider this: there was no such thing as Facebook, Google or Twitter when the current rules were introduced in 1998.

In a world where we constantly consume content across all of these channels (and many more) via multiple devices, our personal data is being processed in a vastly different manner.

How many times have you saved your passwords or banking details in a website or an app for future use?

This momentous shift in data processing brings with it additional risks. Companies who are involved in processing or controlling data must be able to demonstrate how they protect it.

Get your marketing processes in order before the GDPR comes into effect to avoid a hefty fine

GDPR – Key Areas of Change

  • Harmonisation – There will be one law across all 28 EU member states. This includes the UK following Brexit
  • One stop shop – Organisations will only need to deal with one supervisory authority
  • Obligations on processors – Organisations can now be held to account and will be financially liable for a data breach
  • Consent – There will be much stricter requirements on obtaining valid consent
  • New Rights – The right to be forgotten and right to data portability will be introduced
  • Profiling – Organisations will need to inform data subjects via a privacy policy of all profiling activities (and provide an opt-out mechanism)
  • Data Protection by Design – The GDPR mandates that compliance must become part of ‘business as usual’
  • Data Protection Impact Assessments (DPIAs) – These are to become mandatory in certain circumstances
  • Record keeping – The Regulation will place the onus on organisations and data processors to demonstrate compliance. They must keep their own records which the supervisory authority can access on request.
  • Data Breach Notifications – It will be mandatory to notify the supervisory authority of any data breach within 72 hours
  • Penalties for Non-Compliance – Fines of up to 4% of annual global turnover or €20m (whichever is greater) can be imposed. A scary thought for any small business!

It’s pretty clear to me that all of the above changes will place a huge strain on small companies to ensure that they remain compliant.

The GDPR clock is ticking. We now have less than nine months until this regulation comes into full force, so organisations should Act Now!!

Zymplify Can Help You Prepare for the GDPR

Read our GDPR blog posts for more information on what the Regulation could mean for your business and how best to comply.

For a more in-depth look, check out our GDPR Compliance eBook, which tells you all you need to know.


Written by Michael Green, Head of Finance at Zymplify

Michael is a chartered accountant and certified GDPR practitioner from Derry City who is part of the senior management team at Zymplify.

When he’s not counting beans or advising on all things GDPR related he spends his time training his 2 year old son to be the next superstar footballer (he’s an avid LFC supporter but we won’t hold that against him).