
GDPR Compliancy

  • Writer: PTF & B
  • Jul 18, 2018
  • 3 min read

Updated: Aug 6, 2018

GDPR 101 for CEOs


What does GDPR stand for?

General Data Protection Regulation.


Where does it come from?

In 2012, the European Commission set plans in motion for data protection across the EU with the objective of making Europe 'fit for the digital age'. Four years later, the EU reached an agreement.

One of the main components of the reforms is the introduction of the General Data Protection Regulation (GDPR). This new EU legal framework applies to organisations in all member-states and has implications for businesses and individuals across Europe, and beyond.


What is GDPR?

Basically, GDPR is a new regulation designed to give EU citizens control over their personal data.

Almost every service we use (ecommerce, banking, social media...) involves the collection and analysis of our personal data. Our name, address, credit card number and more are all collected, analysed and stored by multiple organisations.


What is GDPR compliance?

Under the terms of GDPR, not only will organisations have to ensure that personal data is gathered legally under stricter conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation.


Who does GDPR apply to?

GDPR applies to any organisation operating within the EU, as well as any organisations outside of the EU which intend to offer goods or services to private customers in the EU, and therefore process personal data.


What is personal data under the GDPR?

The types of data considered personal under GDPR regulations include name, address, photos, IP address... Yes, website cookies are considered personal data!

GDPR also includes sensitive personal data such as genetic data, and biometric data.


When does GDPR come into full force?

GDPR will apply across the European Union from 25 May 2018.


What does GDPR mean for businesses?

Organisations will be encouraged to adopt techniques like 'pseudonymization' in order to benefit from collecting and analysing personal data, while the privacy of their customers is protected at the same time.

Organisations will also have to adapt their IT infrastructure and internal processes in order to ensure safe data processing and storage.


What does GDPR mean for consumers/citizens?

One of the major changes GDPR will bring is providing consumers with a right to know when their data has been hacked. Organisations will be required to notify the appropriate national bodies as soon as possible in order to ensure EU citizens can take appropriate measures to prevent their data from being abused.

Consumers will also get easier access to their own personal data in clear and understandable terms.

GDPR also brings "the right to be forgotten", which gives people who no longer want their personal data processed the right to have it deleted, provided there are no legal grounds for retaining it.


What is a GDPR breach notification?

GDPR introduces a duty for all organisations to report certain types of data breaches which involve unauthorised access to or loss of personal data to the relevant supervisory authority. In some cases, organisations must also inform individuals affected by the breach.

Organisations will be obliged to report any breaches which are likely to result in a risk to the rights and freedoms of individuals and lead to discrimination, damage to reputation, financial loss, loss of confidentiality, or any other economic or social disadvantage.


What are the GDPR fines and penalties for non-compliance?

Failure to comply with GDPR can result in a fine ranging from 10 million euros to four per cent of the company's annual global turnover!

Fines will depend on the severity of the breach and on whether the company is deemed to have taken security compliance and regulation seriously enough.


When do we need to appoint a Data Protection Officer?

Under the terms of GDPR, an organisation must appoint a Data Protection Officer (DPO) if it carries out large-scale processing of sensitive personal data, carries out large-scale monitoring of individuals such as behaviour tracking, or is a public authority.

While it isn't mandatory for organisations outside of those above to appoint a DPO, all organisations will need to ensure they have the skills and staff necessary to be compliant with GDPR legislation.
