How GDPR Will Impact Data Management Practices
In insight / By Lydia Cooper / 30 January 2018
On May 25th 2018, Europe’s General Data Protection Regulation (GDPR) comes into force, and for everyone working in the IT and data management industry this means that life in the workplace is about to change drastically.
To make sure that you and your workplace are prepared for the new data protection rules, we’ve compiled a guide to some of the essential things you’ll need to know about GDPR, helping you stay ahead of the data management game.
What is GDPR?
Europe’s General Data Protection Regulation (GDPR) is a new piece of legislation that reinforces and strengthens data protection and provides heightened security for both individuals and companies across the EU. Although the UK currently has the Data Protection Act 1998 in force, the GDPR will override and tighten these pre-existing laws and ensure that the whole of Europe is united under, and subject to, the same data protection rules.
Who Does GDPR Affect?
Although only the 28 EU member states fall under the direct jurisdiction of the GDPR, this doesn’t mean that only the EU will be affected by these changes. In fact, any company that offers goods or services to European data subjects and that manages, holds or processes the data of those living within the EU is affected as a result.
How Will GDPR Affect You?
When working out how GDPR will affect you and your work, it’s first important to establish whether you are a processor or a controller of data, as this drastically alters what the General Data Protection Regulation means for your workplace.
According to Article 4 of the GDPR, a processor is ‘a natural or legal person, public authority, agency or other body which processes personal data on behalf of the controller’, whilst a controller is ‘the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of personal data.’
If your role falls under ‘processor’, then you are subject to a significant number of restrictions imposed by the controller. For example, processors can’t engage another data processor without the express permission of the controller. Controllers, by contrast, are responsible for how personal data is handled, and as such are charged with ensuring that the GDPR is upheld and complied with. It is worth noting, however, that both processors and controllers are subject to fines if the GDPR is not upheld, and could face a fine of a whopping 20 million euros at minimum.
Important Changes to Be Aware of With GDPR
Although the General Data Protection Regulation brings many changes to the role of data management, some are more notable than others.
Primarily, it’s important to know that as of March 25th 2018, all data breach notifications have to be handed to the relevant supervisory authority within 72 hours of a data breach where it is likely to “result in a risk to the rights and freedoms” of individuals. This tight time frame is a massive change to the system and needs to be planned for to avoid breaching the GDPR.
It’s also worth noting that data subjects now have significantly more rights over their own personal data, as they now have the opportunity to both access and erase it. If a data subject so wishes, they are now able to find out where and why their data is being processed, and have the right to be given a free electronic copy of this data. They may even have this data erased under the ‘right to be forgotten’, although such a request must be weighed against a ruling based on the public interest.
GDPR Data Protection Officers
As part of the new legislation, companies must also appoint data protection officers (DPOs), whose job it will be to advise and monitor both processors and controllers, ensuring that the GDPR is being implemented effectively. Although not every company will be obliged to appoint a DPO, almost all public-sector bodies will have to have one, as will private companies that either regularly monitor data subjects or process conviction information.
By making sure that you understand these upcoming GDPR requirements and prepare for the changes, you will be ready to implement the regulation from the get-go, meaning that you and your organisation will be straight off the starting blocks and powering ahead of the data management game.
To help ensure that your organisation’s transition to the new GDPR runs as smoothly as possible, why not contact one of our professional services team today? We’ll work with you to find the best possible services and programmes for you and your business.