The General Data Protection Regulation (GDPR), agreed upon by the European Parliament and Council, will replace the Data Protection Directive 95/46/EC in spring 2018 as the primary law regulating how companies protect EU citizens’ personal data. It’s the biggest shakeup to data protection since the UK’s 1998 Data Protection Act.
The new rules will come into force in May 2018, and early indicators suggest that many businesses aren’t ready. According to one study, around 3.2 million small companies in the UK don’t have plans in place to ensure they are GDPR-compliant. Being unprepared could be risky, as failure to comply with the new rules can result in a fine equal to 4% of annual global revenue or €20 million, whichever is greater.
If your company is not based in Europe but you have clients who are citizens of Europe, your company is required to be compliant.
Personal data is considered to be anything that can be used to identify a person, and this might include full names, email addresses, postal addresses or demographic information. We give up personal data every day, and we rely on companies to do the right thing with it and not be negligent.
With GDPR, we have greater rights over our personal data. We’ll have the right to access and change the information that companies hold on us. Meanwhile, companies are required to be more transparent about how they handle and process data. The policy update is said to demand a cultural shift…