On May 25th, 2018, the General Data Protection Regulation (GDPR), adopted by the European Parliament in April 2016, will replace the Data Protection Directive 95/46/EC as the primary law regulating how companies protect EU citizens' personal data.
Companies that are already in compliance with the Directive must still ensure that they meet the new requirements of the GDPR before it becomes effective. Companies that fail to achieve GDPR compliance by May 25th will be subject to stiff penalties: fines of up to EUR 20 million or 4% of worldwide annual turnover, whichever is higher.
What is GDPR?
There are two main factors behind the introduction of GDPR. The biggest one is the EU's desire to bring data protection law in line with how people's data is actually being used today, especially given that firms like Amazon, Google, Twitter and Facebook offer their services for free as long as people hand over their data to these tech giants. The dangers of granting such vast permissions are illustrated by the ongoing Cambridge Analytica scandal, in which 50 million Facebook profiles were harvested for use by third parties. The second factor is harmonisation: as a regulation that applies directly in every member state, GDPR replaces the patchwork of national laws that grew up under the 1995 Directive with a single set of rules.
Who Does GDPR Apply To?
Both 'controllers' and 'processors' of personal data must abide by the GDPR. A data controller determines why and how personal data is processed, while a processor is the party that carries out the actual processing on the controller's behalf. The controller could be any organisation, from a profit-seeking company to a charity or a government body. A processor could be, for example, an IT firm or cloud provider doing the actual data processing under contract to the controller.
Because GDPR is a regulation rather than a directive, it does not have to be transposed into national law the way the 1995 Directive was: it applies automatically in the UK and every other member state from May 25th, 2018.
Is your company compliant? Please call me on 07846692325 for a review of your policies.