Once a relatively inconsequential date, the 25th May now looms large for business around the world. This is when the EU’s General Data Protection Regulation, or GDPR, comes into effect, shaking up how companies process or store data. So, what exactly is GDPR and how will it impact your business?
The current data laws were drawn up twenty-odd years ago, back when nobody could have predicted the immense volume of data this digital age would generate. New guidelines for how that data is acquired, handled and stored became imperative, leading to the EU’s GDPR legislation, which looks to standardize data protection law across all 28 countries and give control back to individuals.
According to the EU’s own GDPR website, the regulation aims to “harmonize data privacy laws across Europe” and “reshape the way organizations across the regions approach data privacy”, with the intention of giving greater protection and rights to individuals, including:
The right to be informed
The right of access
The right to rectification
The right to erasure
The right to restrict processing
The right to data portability
The right to object
It’s important to remember that some of these rights (or similar) existed in the previous data laws, and the UK’s Information Commissioner Elizabeth Denham has been keen to stress that GDPR is an evolution in data protection, not a total revolution.
Having said that, those companies covered by the GDPR (including those outside the EU who handle data of individuals within the EU) will be more accountable than they were previously, with GDPR bringing certain obligations for better data management by companies. This will include implementing data protection policies, carrying out data protection impact assessments and keeping relevant documents on how data is processed.
As well as these requirements, smaller adjustments will need to be made. For example, you’ll need to ensure your business has in place the means to track down and potentially delete personal data if required. You must also keep track of what the data was collected for and how consent was gathered.
Another of the more widely publicized changes is the requirement for businesses to obtain consent to process data in some situations. When an organization is relying on consent to lawfully use a person's information they have to clearly explain that consent is being given and there has to be a "positive opt-in". So, that means no more pre-ticked opt-in boxes or clicking to opt-out.
In the run up to GDPR, much of the conversation has been around the power regulators have to fine and penalize organizations for noncompliance. In short, if an organization isn’t processing individuals’ data in the right way, they can be fined. And of course, any security breach could also result in a fine.
The GDPR states that smaller offences could result in fines of up to €10 million or 2% of a company’s global turnover (whichever is the greater of the two). Larger offences carry fines of up to €20 million or 4% of turnover, but the Information Commissioner’s Office (ICO) – responsible for data protection enforcement in the UK - have said they would prefer to work with businesses to improve practices.
With all that in mind, as GDPR draws near, now is the time to do a full data audit of all the current information your company holds to make sure it’s compliant (if you haven’t already done so), and to review procedures and processes currently in place.
If you wish to know more about GDPR and what it means for your business, the ICO has compiled an in-depth guide to the legislation which can be reviewed or downloaded here.
In August 2017 Lumi appointed a member of the team to be responsible for data protection/privacy. It was Dave Palmer's role to ensure Lumi was fully GDPR compliant before 25th May 2018. Dave has worked to ensure all of our nine offices are across the regulation. Along with this, we have ensured that any partner we also share data with are also GDPR compliant – such as our event app partner Quickmobile. Any software that we use to store data has been checked and is approved.
Subscribe here to hear more from Lumi .