Since the existing data protection laws were created in the 90s, the amount of digital information we create, capture, and store has vastly increased.
The General Data Protection Regulation (GDPR) will come into force on May 25 2018. It will change how businesses and public sector organisations handle the information of their customers, clients and employees.
The GDPR is Europe’s new framework for data protection laws – it enhances the previous UK data protection directives (1995 and 2008), which current UK law is based upon, and increases the rights of the individual to access, amend and delete all or part of their data and how the data is used and shared.
The GDPR applies to anyone who processes the personal data of EU residents. This means that a business, whether small or international, must comply with the new regulations for secure collection, storage, and usage of personal information.
GDPR Key Changes
- There is an increased scope which applies to all companies that process personal data of people residing in the EU, regardless of the company’s location.
- Companies must give data subjects more information about why they are collecting their personal data.
- There are new regulations for gaining consent to collect personal data; companies are now required to obtain consent through a clear affirmative action, or opt-in.
- A company must delete data that is not being used for its original purpose.
- People can revoke their consent to data processing at any time, and it must be easy for them to do so.
- A company must notify regulators and those affected by a data breach within 72 hours.
We will keep you up to date with any other changes as we assess the legislation.