5 February 2018

GDPR – “The New Data Protection Act”

Data protection is changing. YOU need to change with it.

The “General Data Protection Regulation” specifies how personal data should be used and protected.

Sensitive personal information held by businesses pose significant risk if stolen/ lost or abused.

These changes come into effect in May 2018.

Here is how if effects you:

Consent
- Businesses must be clear and concise when obtaining consent for data use. No legalese (jargon).
- It must be as easy to withdraw consent as it is to give it.
Breach Notification
- You now have 72 hours to notify customers and controllers of any risk.
Right to Access
- Data handlers are required to confirm when using personal data.
- Provide a FREE electronic copy of data on request.
Right to be Forgotten
- If information is no longer relevant to its original purpose, data controllers are compelled to erase user data on request and cease its dissemination.
Data Portability
- Allows individuals to obtain personal information from you and reuse for their own purposes.
Privacy by Design
- Calls for inclusion of data protection infrastructure from the onset of designing systems.
Data Protection Officers
- In organisations over 250 employees.
  - Professionally qualified officers should be appointed.
  - For the purpose of systematic monitoring or processing of sensitive personal data.

You can be fined up to 4% of your global turnover or €20 Million.

More restrictions on what you can do with data (collecting, storing and usage).
Operational processes and data structuring may need to change to ensure compliance.

GDPR is seen as strictest data security framework in the world. Please review the link below to familiarise yourself with the subject.

We highly recommend making changes now to avoid any penalties and to make the development transition as smooth as possible.

We are happy to consult on this with you to ensure the best path moving forward.