General Data Protection Regulations
On the 25th of May 2018 the EU will implement its General Data Protection Regulations (GDPR). For the EU Parliament this was 4 years in the making, and it was approved on April 16th 2016. The GDPR is set to replace 95/46/EC of the Data Protection Directive and is intended to protect the data privacy of all individuals, and even other businesses, within the EU. The United Kingdom will still apply these regulations after Brexit.
Businesses and organisations found not complying with the new regulations after May could face substantial fines. The increased scope of these regulations will forever change how business is done: regardless of whether it is located in the EU or not, any company that needs to retain and process data of customers located within the EU will have to apply these regulations for those specific customers. A company that is not located within the EU will have to have a representative within the EU.
Every country that is a member of the EU will create an independent supervisory authority that will deal with complaints about, and offences by, companies under its purview. These authorities will work closely with the supervisory authorities in place in other countries so that they can better monitor companies that span multiple countries. A company with offices in multiple countries will refer to one supervisory authority, making that authority its lead authority. The company's lead authority will be that of the country that houses its main headquarters.
The GDPR will increase the transparency of data collectors and give everyone more power and control over their own personal data. Companies and other data controllers have to ask permission to store any data and, if permission is given, inform people where and why the data will be stored. If permission is not given or the request is ignored, all data relating to the subject must be erased. As well as requesting the deletion of data, individuals can request to review their own data that has been collected, and the company or organisation will have to comply by sending over all relevant information in a readable format and free of charge.
The GDPR will remove the need to submit notifications to data protection officers, instead implementing requirements for internal record keeping that must be met. Data protection officers will be appointed to processors that store a large quantity of data, or where the collected data is related to criminal records and convictions.
Written by Kieran Abbott (c) Dreamsight TM