WHAT IS GDPR
The EU General Data Protection Regulation (GDPR) provides a single, harmonised data privacy law for the European Union. The GDPR replaces the previous Directive and became applicable on 25 May 2018 in all Member States. The GDPR affects every organisation that processes EU residents' personal data.
The GDPR also obliges companies not only to document and safeguard information on identifiable living persons, but also to be able to evidence their compliance.
All organisations must comply with the new law or potentially face fines of up to 4% of annual turnover or €20 million (whichever is greater).
The key changes introduced by the Regulation:
• Companies are required to be able to demonstrate compliance.
• Becoming compliant and evidencing compliance is the big challenge facing SMEs and all companies.
• Companies are to be clear and transparent in how they collect, process and store data.
• The definition of personal data is broader, bringing more data into the regulated perimeter.
• The scope is broader: if your business is not in the EU but you process the data of people who reside within the EU, you will still have to comply with the Regulation.
• New data breach notification requirements (72-hour deadline, mandatory reporting and required reporting details).
• Increased data subject rights. EU data subjects will have the following rights:
o To access their data.
o To obtain a copy of their data.
o To rectify their data.
o To restrict processing on some or all of their data.
o To remove consent on some or all of their data.
o To request the right to be forgotten.
o To data portability.
• The appointment of a data protection officer (DPO) will be mandatory for certain companies and other bodies.
• Increased restrictions and mandatory defined protections on the international transfer of data.
• Requirement to implement Privacy by Design.
• Introduction of mandatory Data Protection Impact Assessments in certain situations.
• Changes to the rules for obtaining valid consent including how consent will be necessary to process children’s data.
• Increased data processor responsibilities.
• Increased fines and powers of sanction (up to €20 million or 4% of global turnover, whichever is greater).
GDPR Limited (www.gdpr.ie) and The Data Protection Group are industry specialists with legal and compliance experts who assist companies in meeting their obligations in a straightforward and cost-effective manner, both to achieve and to maintain compliance with the GDPR.