To start a support session, please enter your 6-digit PIN code and click Start.

Key changes outlined by the GDPR

The General Data Protection Regulation is due to come into force on the 25th of May 2018. This act will have a significant impact on anyone dealing with EU resident client or employee data, and you must be compliant by this date.

Many of the main concepts of the GDPR and are much the same as those in the current Data Protection Acts 1988 and 2003. However, GDPR introduces new elements that will require significant consideration by all organisations involved in processing personal data. When reviewing the changes introduced by GDPR, organisations should also take the opportunity to look at their compliance with all of the regulations including whether under the 1988 act, the 2003 Amendment act and or GDPR.

The key changes outlined in the GDPR act include:

  1. Wider Scope: expansion of the territorial scope of the EU data protection law.
  2. Data Processors: increased direct obligations for data processors.
  3. Privacy Notices: increase in the amount of information that must be provided to individuals when collecting their data.
  4. Consent & Children: higher standard when relying on a child’s consent – consent must be recorded and verifiable.
  5. Increased Individual Rights: enhanced rights and control for individuals over their personal data.
  6. Breach Notifications: Controllers have a mandatory obligation to report a data breach within 72 hours.
  7. Stronger Sanctions: fines of up to 4% of annual worldwide turnover will be imposed for non-compliance of GDPR.

GDPR applies to EVERY organisation and it is imperative that you prepare for this act now in order to avoid the severe sanctions associated with non-compliance.