WHAT IS GDPR
The EU General Data Protection Regulation (GDPR) provides a single, harmonised data privacy law for the European Union. The GDPR replaces the current Directive and became applicable from 25 May 2018 in all Member States. The GDPR will affect every organisation that processes EU residents’ personally identifiable information (PII).
The GDPR also obliges companies not only to document and safeguard information on identifiable living persons but also to be able to evidence compliance.
All organisations must comply with the new law, or potentially face fines of up to 4% of annual turnover or €20 million (whichever is greater).
The key changes introduced by the Regulation:
• Companies are required to be able to demonstrate compliance.
• Becoming compliant and evidencing compliance is the big challenge facing SMEs and all companies.
• Companies are to be clear and transparent in how they collect, process and store data.
• The definition of personal data is broader, bringing more data into the regulated perimeter.
• The scope is broader: if your business is not in the EU but you process the data of people who reside within the EU, you will still have to comply with the Regulation.
• New data breach notification requirements (72 hours, mandatory reporting and reporting details).
• Increased data subjects' rights. EU data subjects will have the following rights:
o To access their data.
o To obtain a copy of their data.
o To rectify their data.
o To restrict processing on some or all of their data.
o To remove consent on some or all of their data.
o To request the right to be forgotten.
o To data portability.
• The appointment of a data protection officer (DPO) will be mandatory for certain companies and other bodies.
• Increased restrictions and mandatory defined protections on the international transfer of data.
• Requirement to implement Privacy by Design.
• Introduction of mandatory Data Protection Impact Assessments in certain situations.
• Changes to the rules for obtaining valid consent, including how consent will be necessary to process children’s data.
• Increased data processor responsibilities.
• Increased fines and powers of sanction (up to €20 million or 4% of global turnover).
GDPR Limited (www.gdpr.ie) and The Data Protection Group are industry specialists with legal and compliance experts who assist companies in meeting their obligations, and in achieving and maintaining compliance with the GDPR, in a straightforward and cost-effective manner.