Posted on 28th June 2018 • Categories: Writers & Publishers
GDPR Briefly Explained
The GDPR is Europe’s new framework for data protection laws which has replaced the previous 1995 data protection. It now gives greater protection and rights to individuals and means significant changes to the way businesses and public bodies handle our personal information.
From May 25, 2018, General Data Protection Regulation (GDPR) was enforced by data protection regulators across Europe. It has changed how businesses and public sector organisations can handle the information of their customers. Under new ICO regulations, if your organisation is a “controller” or “processor” of personal data then it will be covered by the GDPR.
Cybercrime has been on the increase over recent years, and there has been many major data breaches at even some of the biggest firms have given criminals access to names, dates of births, addresses and bank details.
Companies covered by the GDPR will be more accountable for their handling of people’s personal information. This can include having data protection policies, data protection impact assessments and having relevant documents on how data is processed. If there was to be a data breach, the ICO has to be told about it within 72 hours of an organisation finding out about it and the people it impacts also need to be told.
For organisations with more than 250 employees, the company must provide employees documentation of why people’s information is being collected and processed, descriptions of the information that’s held, how long it’s being kept for and descriptions of technical security measures in place. If your company has “regular and systematic monitoring” of individuals at a large scale or process a lot of sensitive personal data, then they have to employ a data protection officer (DPO).
The GDPR is also giving individuals a lot more power to access the information that’s held about them. When someone asks a business for their data, the business must provide it within one month. If an organisation does not process an individual’s data in the correct way, it will most probably be fined, and the fine will be considerably higher than it has been previously.