An Introduction to the General Data Protection Regulation (GDPR)
As you may be aware, the new EU General Data Protection Regulation (GDPR) is being introduced, with the deadline for compliance being 25th May 2018. Considering all that the legislation entails, that is not long at all, so we would advise every business to start preparing now. In anticipation, we have put together a GDPR series of blogs and briefings detailing the Regulation, the key impacts and the next steps to ensure your business is compliant come 25th May 2018.
Why is the new General Data Protection Regulation necessary?
The GDPR will replace the EU Data Protection Directive to keep pace with technological advances, including the handling of digital data and cyber security. All organisations, large and small, across the EU must securely protect all data collected. The GDPR is being introduced to achieve the following aims on an EU-wide level:
Enhanced privacy rights
Accountability and risk based approach
Single Uniform Law
The main principle of the GDPR is that personal data can only be sourced and stored under strict conditions and for a legitimate purpose. It contains specific elements such as a right to be forgotten, as well as a data breach notification requirement; failure to comply could incur massive penalties for businesses.
Businesses of all sizes will be required to report most breaches concerning personal data. You will be required to inform those individuals whose personal data has been affected along with the Data Protection Commissioner as soon as the breach occurs.
Key Principles of Data Protection Law
Data to be processed lawfully, fairly and in a transparent manner.
Data to be collected for specified legitimate purposes and not processed for incompatible purposes.
Data must be adequate, relevant and limited to what is necessary in relation to the purposes.
Keep data accurate and up to date using every reasonable step to ensure inaccurate personal data are erased or rectified.
Data to be kept in a form which permits identification for no longer than necessary for the purposes.
Ensure appropriate security (including protection against accidental loss, destruction or damage) using appropriate technical or organisational measures.