GDPR - The EU General Data Protection Regulation
What you need to know for your business.
What is GDPR?
The General Data Protection Regulation (Regulation (EU) 2016/679) is a regulation of the European Parliament and Council that unifies data protection rules across the whole of the EU and also governs transfers of personal data out of the EU. It was adopted on 27 April 2016 and becomes enforceable from 25 May 2018. GDPR covers personal data about any living person in the EU, as well as personal data processed by an EU-based business, and it is designed to give rights and protections to that person, the “data subject”.
Does it affect me?
You don’t have to be within the EU for GDPR to apply. If you process personal data relating to any living person within the European Union, you must comply with the regulation in the way you handle that data. Complying with GDPR is not optional, and people cannot waive their rights to protection under it.
What are the Penalties for Failing to Comply?
The penalties are much more significant than under previous data protection and privacy legislation. Organisations found in breach can be fined up to 4% of their annual global turnover or €20 million, whichever is greater (that is the upper tier; less serious infringements carry a lower tier of up to 2% or €10 million). This makes it even more important that you understand the GDPR and how it affects your business.
Checklists from the UK Information Commissioner’s Office to assess your compliance with the Data Protection Act and find out what you need to do, including guidance on getting ready for GDPR.
Privacy Impact Assessment guidance and resources from the UK Information Commissioner’s Office.
UK Information Commissioner’s Office guidance on the provisions for accountability and governance, including the accountability principle and guidance on records of processing activities.
Brexit and the GDPR
UK organisations handling personal data will need to comply with the GDPR, regardless of Brexit. The GDPR comes into force before the UK leaves the European Union and the government and the Information Commissioner have confirmed that the regulation will apply, and that the UK will continue to follow a compatible regime.
- GDPR action list generator
- compliance timeline plan
- GDPR audit questionnaire
- GDPR systems audit and mapping
- GDPR risk assessment
- GDPR staff training tool and training log
- GDPR records processing tool
- GDPR supplier and vendor assessments
- DSAR handling tool
- breach notification handling tool
- policy handling for GDPR
- staff offboarding questionnaire