On the 26th of May 2018, new laws regarding data protection will come into effect for all EU member states. The General Data Protection Regulation (GDPR) introduces some significant changes to our current data protection rules. It will be important for businesses of all shapes and sizes to be aware of these changes.
This simple guide will help you understand some of the most important changes to the data protection laws.
It will now be more difficult to rely on consent as a legal basis for data processing. Consent must be ‘freely given, specific, informed and unambiguous’. Basically, your customer cannot be forced into consent, or be unaware that they are consenting to processing of their personal data. They must know exactly what they are consenting to, and there can be no doubt that they are consenting. Obtaining consent requires a positive indication of agreement – it cannot be inferred from silence, pre-ticked boxes or inactivity. The GDPR is clear that controllers must be able to demonstrate that consent was given.
Processing Children’s Data:
If your work involves the processing of data from underage subjects, you must ensure that you have adequate systems in place to verify individual ages and gather consent from guardians. The GDPR will introduce special protections for children’s data, particularly in the context of social media and commercial internet services. “Consent needs to be verifiable”, which means that consent must be requested in a language they can understand.
You must make sure you have the right procedures in place to detect, report and investigate a personal data breach.
Breaches that are likely to bring harm to an individual, for example identity theft or breach of confidentiality, must also be reported to the individuals concerned. Now is the time to assess the types of data you hold and document. Any breach must be reported to the Data Protection Commissioner. This will be new to many organisations, but it's very important to be aware of it. GDPR introduces significant increases in sanctions if there is a data breach. At their highest, the fines can reach up to 4% of an organisation’s annual worldwide turnover or up to €20 million!
Enhanced rights for individuals such as:
·The right to access data
·The right to rectification
·The right to erasure (to be forgotten)
·The right to restrict processing
·The right to object to processing
·The right to data portability
These are just some of the basic changes coming with GDPR. If you want further information, make sure to watch the video by the Data Protection Commissioner or visit their website.