GDPR Simplified

The European Union’s new General Data Protection Regulation (GDPR) is the biggest change in data protection laws in 20 years, effectively replacing the Data Protection Act of 1998.  There is a lot of confusion around GDPR, and so the purpose of this article is to try to convey its principles as simply as possible, concluding with a call to action.

In modern society, through our use of websites, applications, social media and much more, we all have what I like to call a ‘digital DNA’. This DNA is made up of all the personal and big data that allows organisations to identify us or create a digital profile of us. GDPR has been designed to strengthen individual privacy and give citizens back the power over how their data is used and processed.

GDPR Quick-fire

  • It comes into effect on May 25th 2018
  • It is relevant if you hold any personal data of persons in Europe (so no, Brexit won’t affect your need for compliance)
  • It applies to controllers and processors
    • Controllers – determine how and why personal data is processed
    • Processors – act on behalf of the controller
  • What is personal data? – Anything that makes an individual personally identifiable – e.g. one or more factors specific to the online, physical, physiological, genetic, mental, economic, cultural or social identity of that person
  • One of the most significant changes is the accountability principle – GDPR requires you to show HOW you comply with the principles – for example, by documenting the decisions you take about a processing activity and by appointing a Data Protection Officer (DPO)

Some of the key areas to consider are:

  • Lawful processing – you must identify a legal basis before processing personal data
  • Consent – you must obtain a free, unambiguous indication of the individual’s consent without pre-ticked boxes, abide by the right to be forgotten, gain consent for data use from third parties and also for all children’s data
  • Individuals’ rights – individuals have the following rights: to be informed, to access, rectify and erase, to restrict and object
  • Data transfer restrictions – personal data cannot be transferred outside the EU without the necessary provisions in place, e.g. evidence of compliance, contracts, clauses, guarantees

The Challenge For You

  • Compliance
    • Ensuring that sufficient policies and processes are in place
    • Training your staff in, and raising their awareness of, GDPR requirements and compliance
    • Creating a roadmap for change
  • Time
    • You have to be ready by May 25th 2018
  • Non-compliance penalty
    • Up to 20m euros or 4% of global turnover

Accordant’s Solution

Accordant’s solution will give you clarity and peace of mind. We will undertake a rapid yet comprehensive assessment of your organisation with regard to GDPR and then provide a detailed report highlighting any elements that will need to change in order to comply. We keep it to plain English, avoid ambiguous terms and jargon, and will create a roadmap of actionable next steps so that you know exactly what to do.

Contact Accordant on info@accordantsolutions.co.uk to set up a no-obligation initial consultation, or for more information.

 

Authors

David Fardoe

With over 30 years’ experience, both as a customer and supplier of IT services, Dave has a passionate belief in empowering the business through efficient and effective use of IT services, in the office, and on the move.

About Accordant Solutions

At Accordant we help IT leaders optimise their IT strategy to improve performance and deliver substantial cost savings.