The General Data Protection Regulation (GDPR) came into force on 25th May 2018. GDPR works alongside the UK Data Protection Act 2018.
GDPR and its Implication for Your Business
There are significant implications for all businesses that you need to plan for now, irrespective of the outcome of Brexit negotiations.
Failure to comply with GDPR could mean the following penalties are imposed for personal data breaches:
The highest possible fine under the DPA was £500,000
The record fine was issued to TalkTalk (£400,000)
The new maximum fines are either 4% of global revenue or 20 million
GDPR applies to all
The GDPR applies to all companies worldwide that process personal data of European Union (EU) citizens
The GDPR widens the definition of personal data
The GDPR considers any data that can be used to identify an individual as personal data. It includes, for the first time, things such as genetic, mental, cultural, economic or social information.
The GDPR introduces mandatory DPIAs
The GDPR requires data controllers to conduct DPIAs where privacy breach risks are high to minimise risks to data subjects
The GDPR introduces the right to be forgotten
Under GDPR, a customer can request that a business deletes their personally identifiable information from the company's database, and the company must comply.