GDPR – What is it?
The GDPR deadline is 25 May, 2018
General Data Protection Regulation (GDPR) proposed by the European Commission will strengthen and unify data protection for individuals within the European Union (EU), whilst addressing the export of personal data outside the EU.
The announcement of an agreement to finalize GDPR was made in December 2015 and following a vote by the EU parliament, the compliance deadline for GDPR was set for May 2018. The GDPR requirements as well as the amount of internal collaboration that will be needed to address them means organizations need to plan for compliance now.
The primary objective of the GDPR is to give citizens back control of their personal data. Once GDPR takes effect it will harmonize previous and other data protection regulations throughout the EU.
What does GDPR stand for: a meaning and definition
The European General Data Protection Regulation (GDPR for short) is built around two key principles.
- Giving citizens and residents more control of their personal data
- Simplifying regulations for international businesses with a unifying regulation that stands across the European Union (EU)
It’s important to bear in mind that the GDPR will apply to any business that processes the personal data of EU citizens which means that it could also apply to companies based outside of the EU. See the GDPR checklist below for information on what ‘personal data’ includes.
The government has confirmed that Brexit will not affect the GDPR start date, or its immediate running. It’s also confirmed that post-Brexit, the UK’s own law (or a newly-proposed Data Protection Act) will directly mirror the GDPR.
It’s too complicated – should i care?
It’s easy for small companies with a stack of to-dos to see the GDPR as a burden. But in reality, it’s something that can be used to your advantage, adding value to your business.
By proving to potential and existing customers that your organisation is compliant with new laws that protect the rights of citizens just like you (and your customers), you could bring in more business.
No one likes having their data lost, stolen, damaged, misused or shared without proper consent, and doing everything you can to protect your customers and grow their trust could be a unique selling point.
So, from fines to compensation claims, there are certainly serious reasons to get GDPR-compliant. But on a real-world level, see it as being worth your while to get organised behind the scenes, earn your customers’ trust, and be the company that respects personal data, rather than letting it sit on a long-forgotten spreadsheet.
What are the GDPR penalties?
The GDPR toughens up penalties already existing under the DPA. These existing penalties include:
- Maximum fines of £500,000
- Prosecutions, including prison sentences for deliberate breaches
- Obligatory undertakings, where your company has to commit to specific action to improve compliance