Be prepared, but not scared - Here's our initial GDPR Compliance Guide
There is an awful lot of scaremongering going on at the moment about the new General Data Protection Regulation (GDPR) that comes into effect in May 2018. Whilst we agree that any new law should be respected, at Elevate we take a pragmatic approach.
We prefer to advise our clients and business friends, rather than frighten people into panic mode. We want to be able to assist our clients in taking a practical approach to ensuring they are compliant with these new data rules.
Here's a quick GDPR Compliance Q&A to make you aware of some of the basic things you should know about these new regulations.
Here are some common questions, with answers, about GDPR
What is GDPR?
By now, you've probably heard of the GDPR which stands for the General Data Protection Regulation, a European privacy law approved by the European Commission back in 2016. In May 2018 it will replace any previous law governing data protection. A regulation such as the GDPR is a binding act, which must be followed in its entirety throughout the EU.
The GDPR is an attempt to strengthen, harmonize, and modernize EU data protection law and enhance individual rights and freedoms, consistent with the European understanding of privacy as a fundamental human right.
Despite Brexit, the UK is still bound by this new law, not only because the UK has chosen to be (because it makes sense) but also because trading with countries who operate under GDPR will be compromised if we don’t uphold the same standards. So it makes complete sense to adopt this law.
The GDPR regulates, among other things, how individuals and organizations may obtain, use, store, and eliminate personal data. It will have an impact on businesses around the world, including the UK, so we think it's best to prepare in advance for these new rules.
At the core of GDPR sits 'consent'. At the moment businesses are able to assume consent, using data to communicate with any subject that had contacted them. With the new regulations, businesses need to obtain definite, provable and unambiguous consent in order to send their data subjects marketing collateral and other communications.
How do I obtain unambiguous consent?
‘… affirmative action, signifying agreement to the processing of personal data relating to him or her’.
In other words, this will signal the end of automatic, pre-ticked boxes, instead requiring data subjects to explicitly take action (ticking a box, changing privacy/communication settings, etc.) in order to demonstrate their consent.
When does GDPR come into effect?
The GDPR was adopted by the EU in April 2016, but will officially come into play on 25th May 2018. As there will not be a “grace period”, we think it's important that businesses impacted by the GDPR get ready for it now. So we are advising our clients to prepare in advance, so as not to have any hassle from May 2018 onwards.
Who needs to comply?
All organizations established in the EU, and any organization involved in processing the personal data of EU citizens. This basically means that the GDPR will apply to any organization processing personal data of EU citizens, regardless of where it is established, and regardless of where its processing activities take place. This means the GDPR could apply to the vast majority of organizations anywhere in the world.
It also applies across all industries and sectors, so in other words it applies to your business!
In a nutshell
After the 25th May 2018, all businesses will be legally required to document data processing activities.
So we hope this short GDPR Compliance Guide has been of assistance.
Please do not hesitate to get in touch for more assistance.