The European Union’s General Data Protection Regulation (GDPR) comes into force in May 2018, radically changing the way organisations have to look after our personal data. Failure to comply could lead to huge fines, yet many businesses are far from ready. Here’s why you should care.
What is GDPR exactly?
A new EU regulation governing how organisations should handle and protect our personal data.
Many of the stipulations are already covered by the UK’s Data Protection Act, but simply put, organisations need to keep records of all personal data, be able to prove that consent was given, and show where the data’s going, what it’s being used for, and how it’s being protected.
If personal data gets stolen after a cyber-attack, companies have to report the breach within 72 hours of realising it.
And the definition of personal data has been extended to include extra categories such as your computer’s IP address or your genetic make-up – anything that could be used to identify you.
Why should businesses care?
Non-compliance with the GDPR could lead to huge fines of 20 million euros or 4% of global turnover, whichever is the greater.
One of the reasons many businesses seem unprepared for GDPR is that they don’t know enough about the data they hold. A lot of companies don’t even know where their data is, how it is being used, or what policies are in place governing how it can be used.
For more information on GDPR and how DLS can assist, please email email@example.com or call 01204 385990.