This Data Protection Day get your organisation GDPR ready
With just four months to go until the General Data Protection Regulation (GDPR) comes into force on 25 May 2018, this Data Protection Day (28 January) take time out to ensure you know exactly how it might affect your organisation.
The increasing use – and abuse – of personal and sensitive information has driven forward this reform of data protection law in Europe, shifting the balance of power towards the citizen to whom the personal data belongs and away from organisations that collect, analyse and use such data.
Building on the existing Data Protection Act, the new General Data Protection Regulation (GDPR) will come into effect on 25 May 2018. It will continue to apply to the UK after the Brexit negotiations take place, so that businesses can keep working across the EU.
Every business and organisation that handles and uses personal information will need to consider what action it should take to protect that vital data under the GDPR.
This evolution in data protection has been developed to bring benefits to people, businesses and organisations. The measures set out in the GDPR will:
• strengthen citizens’ rights and help them to have trust and confidence in the services they use;
• combat international crime and support better cross-border cooperation between law enforcement agencies;
• remove obstacles to cross-border trade, enabling easier expansion of businesses across Europe.
The key changes include:
• People will have increased rights of access to, portability and deletion of their personal data.
• Organisations must be accountable for what, why and how they process information.
• Fines for breaches may increase to €10-20 million or 2%-4% of turnover, whichever is larger (currently the ICO’s maximum fine is £500k).
• It will become mandatory to report significant breaches to the Information Commissioner within 72 hours of becoming aware of them, where a breach is likely to result in a risk to people’s rights and freedoms.
• Public sector organisations – and other organisations that monitor individuals systematically and on a large scale, or that process special categories of personal data on a large scale – must appoint a Data Protection Officer who reports directly to the highest level of management.
What can your organisation do to be prepared for GDPR?
Getting ready to comply with the GDPR can start with making sure the basics are in place, using the ICO’s 12 steps: https://ico.org.uk/media/1624219/preparing-for-the-gdpr-12-steps.pdf
The ICO will be developing further guidance over the coming months, so keep an eye on its website for more information.
Your organisation might also consider the Cyber Essentials scheme and the 10 Steps to Cyber Security, both developed by the Government to help any organisation protect itself from common cyber-attacks.