With the implementation of the General Data Protection Regulation (GDPR) just around the corner on 25 May – you know: those four little letters you keep hearing about – it’s important to ask yourself if your company is actually ready for it.
What I mean by this is: has your company implemented a tactical band-aid solution to simply ensure compliance come 25 May – or do you have a strategic long-term solution? If it’s the former, you may not have done enough to ensure you’ll even meet the regulatory checks. Now, remember to breathe.
Here are the essentials. GDPR upgrades the protection afforded to EU citizens from privacy and data breaches under previous EU laws. It applies to ‘personal data,’ which includes name, identification number, location data or an online identifier (such as a cookie).
The biggest change, and the one that requires non-EU companies to comply, is the increased territorial scope. This requires companies to comply, regardless of where they are based, if they are processing the personal data of EU citizens. The Regulation applies to the processing of personal data of EU citizens by a data controller or processor, which includes cloud providers. In collecting data on people, companies will have to receive their consent first, and the consent form must be easily readable (i.e. not in legalese).
If you do suffer a personal data breach, then you have 72 hours to notify the authorities. This is the Information Commissioner’s Office (ICO) in the UK. And you must inform affected individuals “without undue delay.” The Regulation spells out what must be reported to the ICO.
Now for the scary/painful bit. Being found in breach of GDPR can result in a maximum fine of up to 4% of your annual global (not just EU) turnover or €20 million, whichever is greater (conveniently). Overall, the GDPR penalty system is tiered, meaning that different levels of breaches will result in different levels of fines.
At SKT Consulting, we can help you manage your GDPR compliance in a way that ensures you meet the requirements imposed by the FCA and ICO. Through our Regulation Accelerator, we have a history of simplifying regulatory requirements for our clients and, by doing so, reducing their fear of being non-compliant with regulations. So, if you want to eliminate your GDPR fears, get in touch with us.