The General Data Protection Regulation (GDPR) from the European Union comes fully into effect on 25th May 2018.
Firstly, we are not lawyers. Our business is IT and Telecoms and we cannot give any detailed guidance on GDPR in general and what it means to your business. If in doubt, consult a lawyer who understands GDPR.
Secondly, don’t panic. This is good news as it is going to force all companies to take care with your data.
So, what does this all mean?
GDPR gives all EU citizens new rights:
1. Right of access
EU citizens have the right to know about the details of any personal data you hold about them and how it is processed. You are obliged to provide this information when requested.
2. Right to be forgotten
EU citizens also have the right to be forgotten. You will be required to cease any processing of their data and delete it if they request this.
3. Right to be informed about data breaches
You can’t keep data breaches secret to protect against bad publicity and any other consequences. You must inform the people you keep data on about any breaches within 72 hours. You must also inform any bodies such as the Information Commissioner’s Office (ICO).
4. Right to data portability
If you hold any data, it belongs to the related individual. If they request that you pass on that data to another organisation, you must comply.
5. Right to data correction
Any data you hold about an individual must be accurate. EU citizens have the right to demand that it is corrected.
What types of information does GDPR cover?
GDPR encompasses a lot of data types such as names, IP addresses, national insurance numbers, CCTV recordings, ethnicity, health, political affiliations and more. If in doubt, contact the Information Commissioner’s Office.
What about security?
From May you will be required to implement reasonable data protection measures to protect EU citizens’ data. This may include things such as encryption and two-factor authentication. We’ll cover this in a later post.
Does GDPR apply to you?
GDPR applies to European businesses and organisations doing business with or tracking the behaviour of EU residents.
For any organisations based in Europe this is very simple – yes, it applies to you! Businesses outside the EU will need to assess the impact individually. If you don’t interact with or obtain data on EU citizens, then you may not need to worry. But if, for example, you supply goods or services to individuals or organisations in the EU, then GDPR would apply to you. If you are not sure, then seek legal advice on compliance before the law comes fully into effect.
Check back on our blogs or sign up for our newsletter if you want to be kept updated on free information related to GDPR and IT/Telecoms in general.
We can assist you with the technology aspects of GDPR – what you should do as far as keeping data safe, how you should store it, how are backups affected and so on.
Posts to follow:
- The right to be forgotten – managing data
- The impact on backups
- Do I need to do anything about email?
- Keeping your data secure