General Data Protection Regulation (GDPR)

The EU General Data Protection Regulation (GDPR) will apply in the UK from 25 May 2018. Your organisation must understand and be ready for the new legal framework, or face severe consequences. The government has already confirmed the UK’s decision to leave the EU will not affect the commencement of the GDPR.

If your business is handling the data of European citizens, the GDPR introduces a strict new data protection compliance regime. Once in effect, failure by your organisation to maintain compliance will result in financial penalties of up to 4% of worldwide turnover. Your business faces a significant increase in legal liability if responsible for a data breach.

The EU GDPR is fast approaching and your business must quickly understand the legal requirements and implications. Below is a range of accelerated GDPR courses, focused on developing the skills and knowledge required to plan effectively for compliance under the new data protection regulations:

  • Data Protection Certified Data Protection Officer - GDPR Compliance (3 days)
  • Data Protection General Data Protection Regulation (GDPR) Masterclass (3 days)
  • IAPP Certified Information Privacy Professional - Europe & Certified Information Privacy Manager (3 days)


6 things you need to know to prepare for GDPR

1. Understand when GDPR applies

Regardless of your business’s geographic location, if you’re handling the data of European citizens, GDPR applies to you. Your company will be held to the exact same security standards - whether you're in the UK or Alaska.

2. What counts as personal data under GDPR

Under the EU GDPR, the definition of what constitutes personal data is broadened to include:

"Data consisting of racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, genetic data, biometric data, data concerning health or data concerning a natural person's sex life or sexual orientation".

3. You may need a Data Protection Officer

If your organisation meets any of the three criteria below, outlined in Article 37, it is mandatory that you appoint a Data Protection Officer (DPO). Appointment is required if the core activities of the organisation involve:

  • The processing of personal data by a public authority
  • Regular and systematic monitoring of data subjects on a large scale
  • Large-scale processing of special data, for example biometric, genetic or geo-location data

Your Data Protection Officer will monitor organisational compliance against the GDPR, reporting any and all findings to the highest level of management. The International Association of Privacy Professionals (IAPP) predicts 75,000 DPOs will be required globally before the introduction of the GDPR.

4. You must report a breach within 72 hours

The GDPR introduces the common breach notification requirement, which combines all existing breach notification laws across Europe under one definition. This common breach notification requirement is a legal obligation "requiring organisations to notify the local data protection authority of a data breach within 72 hours of discovering it".

5. Privacy Impact Assessments (PIAs) will need to be introduced

If you are planning a project that involves personal information, you will need to carry out a Privacy Risk Assessment before getting started. Your business will also be required to work closely with a Data Protection Officer to maintain compliance throughout the project.

6. Provide clarity in your business terms and conditions

The GDPR will introduce new guidelines emphasising the need for explicit individual consent before using a citizen’s data. Your business must use clear and simple language in terms and conditions when asking for consent, providing clarity on how the data will be used. Lengthy and complicated T&Cs which introduce obscurity will not be tolerated.