So what is GDPR?
After four years of preparation and debate, the new General Data Protection Regulation (GDPR) was finally approved by the EU Parliament on 14 April 2016. The GDPR replaces the Data Protection Directive 94/46/EC and has been designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations of all sizes across the region approach data privacy.
Failure to meet the stringent requirements of the GDPR leaves you at risk of significant fines and penalties, and ignorance of the new regulation will not be an acceptable excuse. The regulation increases the maximum fine the Information Commissioner’s Office (ICO) can impose upon companies in the UK who have not adequately protected themselves against data theft from £500,000 to £17 million (or four percent of turnover). These changes are certainly going to have an impact on your business.
There are two clear drivers behind the GDPR. Firstly, the EU wants to give people more control and say over how their personal data is used. And secondly, the EU wants to give businesses a simpler, clearer legal environment in which to operate, making data protection law identical throughout the single market.
For those of you based in the UK, the cry of ‘we are safe after Brexit from this regulation’ carries no weight. This regulation will apply no matter what the final outcome of the ongoing Brexit negotiations is. So you have an obligation to comply.
Are you ready for the challenge?
The less prepared you are at this stage, the greater your challenge to comply in time when it hits the statute book in May 2018. Alarmingly, one in four UK businesses have cancelled preparations for GDPR, according to a survey by the management firm Crown Records Management.
There is still a concerning misconception that the regulation only applies to large companies and corporates. But as the ICO keeps stressing, the regulation will affect everyone. It even has an impact on organisations outside the EU who do business with companies inside the EU zone.
Who does the GDPR apply to? The answer is that it applies to ‘controllers’ and ‘processors’ of data. A data controller states how and why personal data is processed, while a processor is the party doing the actual processing of the data. So the controller could be any organisation, from a profit-seeking company to a charity, government or marine survey business. A processor could be an IT company, for example, that is handling the actual data processing. Even if controllers and processors are based outside the EU, the GDPR will still apply to them so long as they’re dealing with data belonging to EU citizens. Complicated? You bet!
It’s the controller’s responsibility to ensure their processor abides by data protection law and processors must themselves abide by rules to maintain records of their processing activities. If processors are involved in a data breach, they are far more liable under GDPR than they were under the Data Protection Act.
The GDPR will affect the way in which you go about your business and how you hold, store and use data about your customers, employees, suppliers and any other individuals whose details you hold. It affects the notices and information that you will be required to give to individuals about how their information is to be used by you. The GDPR increases the power of individuals (including your customers) to control, manage, inspect and, in some cases, delete forever their information. It also gives individuals greater powers to complain about organisations which misuse their data.
Expanded geographical reach
The GDPR expands the reach of European data protection law and applies to:
• any organisation which has a presence in the EU that provides goods and services, regardless of whether any payment is taken;
• any organisation which is based outside of the EU but which processes personal data of EU residents in connection with goods or services offered to them, regardless of whether the processing takes place within the EU;
• any organisation which monitors the behaviour of EU residents, e.g. the tracking of individuals online to create profiles and to analyse behaviours.
The Report • December 2017 • Issue 82 | 61