Data breaches occur every day – and the EU have just increased the consequences of inadequate security… With only one month to go before the General Data Protection Regulation (GDPR) comes into effect, many UK companies have yet to achieve compliance.
GDPR is an important piece of legislation designed to make it easier for individuals to understand the data that is being held and used by businesses. Now, as the deadline approaches, it’s essential that you ask yourself… “Are there changes I need to make in order to comply?”
With the implementation date of 25th May drawing ever closer, now is the time to be proactive: protect the data you hold, encrypt it and always keep your security solutions up to date.
So, if you’re not 100% sure whether you comply with the new GDPR, we’ve covered everything you need to know so you can get prepared. Just be quick… firms that fail to comply with the GDPR will be subject to hefty penalties.
What is GDPR?
GDPR will replace the Data Protection Act 1998. It seeks to give people more control over how organisations use their personal data and to ensure that data protection law is almost identical across the EU.
The GDPR classes any data which can be used to identify an individual as personal data, and brings a new set of “digital rights” for EU citizens in response to the growing value of personal data in the digital economy.
What Does GDPR Consider to Be Personal Data?
The EU has expanded the definition of personal data to reflect the types of data businesses now collect about people; for example, online identifiers such as IP addresses now qualify as personal data. Other data, like economic, cultural or mental health information, are also considered personally identifiable information.
Why was the GDPR drafted?
Essentially, the internet and the cloud enabled organisations to invent numerous methods to use (and misuse) people’s data, and GDPR aims to remedy this. Additionally, by making data protection law identical throughout member states, the EU trusts this will collectively save companies over 2 billion euros annually.
How Will Brexit Affect the GDPR?
With the new GDPR to take effect from May 2018, potentially a year before we’re due to exit the EU, many UK-based businesses believe they have nothing to worry about. The truth, however, is that the UK must still comply despite leaving the EU, as GDPR will take effect long before the legal consequences of the Brexit vote. Likewise, if you’re handling EU residents’ data then you must comply whether you’re an Australian company, an American company, a UK company and so on.
What Happens to Companies Who Don’t Comply?
Companies that do not comply with GDPR risk a hefty fine, particularly if they fail to provide adequate IT security to protect personal data. The tougher penalties for firms found to breach the rules include a fine of up to 4% of their annual turnover or 20 million euros, whichever is the greater amount.
The Benefits of GDPR: Your Rights
- Under the aim of giving people more control over their information, GDPR ensures people can ask to access their data at “reasonable intervals”, with controllers having a month to comply with these requests
- Both controllers and processors must be transparent about how they collect people’s information, what purposes they use it for, and the ways in which they process the data
- People have the right to access any information a company holds on them, and the right to know why that data is being processed, how long it’s stored for, and who gets to see it
- You can also ask for this data, if incorrect or incomplete, to be rectified
- You have the right to have this data deleted if it’s no longer necessary to the purpose for which it was collected
- You have ‘the right to be forgotten’ and the right to have any data held erased
- Should you wish for data to be transferred elsewhere, a company must provide this information
M2M and your Data…
M2M have undertaken a ‘systems review’ and are in the process of implementing procedures which ensure that personal data is only stored where permission has been granted and directly relates to the nature of the business we have with our customers.
At M2M Technology, we will only use your data – where permission is granted – to help us advise you of key business news. In doing so, we will utilise robust and secure data processing procedures to protect your privacy.
We won’t ever sell your data to third parties, store your data unnecessarily or bombard you with unnecessary communications. Should you have any questions about GDPR, or you wish for further information, please get in touch.