GDPR
A Quick Glance
25th May, 2018 marks the day on which GDPR, which replaces the Data Protection Directive 95/46/EC, comes into force around Europe. The purpose of this reform is to give EU citizens control over their personal data and to harmonize data privacy laws across Europe. It is designed to protect and empower all EU citizens’ data privacy and to reshape the way organizations across the region approach data privacy.
Key pointers surrounding GDPR

Data Breach
If an organisation discovers it has suffered a data breach, it will have to inform the supervisory authority within 72 hours of first identifying the issue.

Consent
Any business that is going to store and use a person’s data must ask that individual for consent, as well as explain what the data will be used for.

Right to Access
Individuals will be able to submit a Subject Access Request (SAR) to a company requesting all the data it holds on that person. The company must be able to provide electronic copies of that data, as well as explain where the data is stored and what it is being used for.

Data Portability
Linked to the right to access, individuals will also be able to obtain and reuse their personal data for their own purposes across different services. Businesses will therefore be required to provide that data in an appropriate format.

Right to be Forgotten
Individuals can request that a business holding their data not only delete it, but also not share it with third parties.

DPO
Any organisation storing or processing personal data will have to appoint a Data Protection Officer (DPO).

Penalties
Fines for failing to comply with the laws can be up to four per cent of the business’s global annual turnover or up to €20m.

Scope
Organisations in the EU, and organisations outside of the EU that process the data of EU residents, will have to comply with GDPR.