YOU ARE GOING TO BE HELD ACCOUNTABLE
Arguably the biggest change, the GDPR requires all businesses to demonstrate that they comply with the law.
YOU MUST HAVE A LEGAL RIGHT TO HANDLE DATA
Before they can use personal data, businesses will need to identify a legal basis for doing so. This will be especially important if a business relies on someone’s consent to process their data.
THERE’S A NEW RIGHT TO DATA PORTABILITY
This allows people to obtain and reuse their personal data for their own purposes across different services. It allows them to move, copy or transfer personal data easily from one IT environment to another in a safe and secure way, without hindrance to usability.
THERE’S A NEW RIGHT TO ERASURE
This (better known as ‘the right to be forgotten’) enables people to request the deletion or removal of personal data where there is no compelling reason for you to keep it.
IMPLEMENTATION COULD HAVE SIGNIFICANT RESOURCE IMPLICATIONS
You are likely to find compliance difficult if you leave your preparations until the last minute, especially if you have a large or complex business.
FINES HAVE BEEN GREATLY INCREASED
The GDPR increases the maximum fine for breaching data protection law from £500,000 to €20 million or 4% of turnover, whichever is greater.
DATA PROTECTION OFFICERS WILL BE MANDATORY FOR SOME
The GDPR requires a business to appoint a Data Protection Officer (DPO) if its ‘core activities’ consist of ‘regular and systematic monitoring’ of people on a large scale, or the handling on a large scale of special categories of personal data.
DATA BREACHES MUST BE REPORTED IN MANY CASES
The GDPR will introduce a duty to report certain types of data breach to the Data Protection Commissioner (DPC) Ireland, and in some cases to the people affected. A personal data breach means a breach of security leading to the destruction, loss, alteration, unauthorised disclosure of, or access to, personal data. This means that a breach is more than just losing personal data.
YOU WILL HAVE TO DOCUMENT WHAT PERSONAL DATA YOU HOLD
You may need to organise an information audit, across the organisation or within particular business areas, to establish where the personal data came from and who you share it with.
“THIS ONE’S A GAME CHANGER FOR EVERYONE”*
And having the right mindset towards data protection will help to future-proof your business.