The European Commission, aiming to make Europe ‘fit for the digital age’, set out plans for data protection reform across Europe in January 2012. In December 2015 – almost 4 years later – agreement was reached on the new data protection laws and how to enforce them. A major part of this reform is the introduction of the GDPR. The GDPR will apply in all EU member states and has an implementation deadline of 25 May 2018.
General Data Protection Regulation.
GDPR is Europe’s current framework for laws on data protection – it replaces the old and outdated 1995 data protection directive.
According to the EU GDPR website, the legislation is going to “harmonise” data privacy laws throughout Europe and offer protection to the populace. The GDPR makes a considerable number of changes to how personal information may be handled by the public, businesses and other bodies that collect it.
Yes, it most likely will. People, companies and organizations that are either ‘processors’ or ‘controllers’ of personal data are covered by the GDPR. If you’re currently subject to the DPA, you’ll probably also be subject to the GDPR.
Personal data includes any data that can be used to identify someone, such as an IP address, postal address or name. Sensitive personal data refers to information about sexual orientation, political and religious views, genetic data, and more.
Companies that don’t comply with the GDPR or that are found lacking can be fined – no one wants to be fined, so this is probably why it’s the most talked about section of the regulation. If you don’t process personal data properly, you may be fined. If your company is supposed to have a data protection officer, and it doesn’t, you may be fined. You may even be fined if there’s a security breach.
These fines will be determined by Denham’s office. The GDPR suggests that smaller offences could result in a €10 million fine or 2% of a company’s revenue (whichever is larger). Where the consequences are more serious, a company can be fined up to 20 million euros or 4% of its turnover (whichever is larger). These are far greater than the £500,000 penalty the ICO can currently impose.
The best way to prepare for GDPR is to make use of a technology solution that’ll help you meet requirements around data portability and data deletion. We’ve built B2B and B2C GDPR solutions that’ll help make sure you’re on the right side of the law.