The EU GDPR legislation will affect every business and the fines for non-compliance are huge – and no, Brexit won’t get us out of it. So what is the GDPR, and when will it come into force? Director of Morson Cyber Security Andy Mayo breaks it down:
The General Data Protection Regulation applies to all organisations in relation to the protection, storage, consent and use of all data. It tightens the rules for obtaining valid consent for using personal information. It makes the appointment of a DPO (Data Protection Officer) mandatory for certain organisations and introduces the Mandatory Professional Impact Assessment. Furthermore, companies are required to publicly announce any breach within 72 hours of the attack taking place which means they have nowhere to hide when it comes to informing customers of incidents. It also makes privacy mandatory in systems and processes which can have a serious impact on supply chains.
Personal Data and Consent
Personal Data is defined as any information that is related to a person, such as a name, identification number or location information. This can include internet data such as cookies if they can be linked back to the person. The GDPR states that consent must be acquired for the use of personal data, and this means “any freely given, specific, informed and unambiguous indication […] signifies agreement to personal data [usage].”
The GDPR affects any company that holds any kind of data. It was actually ratified in mid-2016 but has a 2 year implementation period, which means by May 2018 all businesses must be fully compliant. The fines for non-compliance are as much as 2-4% of the company’s global turnover, and could result in serious reputational damage.
The GDPR will still apply to every business that offers any form of service to EU citizens, regardless of whether the country the business operates from sits within the EU or not. It’s important not to think that Brexit will save your business from having to be compliant, even after the 2 year negotiation window.
Morson Cyber Security offers a complete security managed service that can ensure your business is completely compliant with the GDPR regulations.