General Data Protection Regulation (GDPR)
06 Jun 2017
As many of you will know, the new EU Data Protection Regulations are due to come into force on 25th May 2018. We have pulled together an overview of what this means for your businesses. There are 6 main areas this covers:
DATA BREACH NOTIFICATION - Data controllers (those in possession of the data) must notify their customers of ANY breach of security within 72 hours. This can be anything from a hack through to a lost USB stick.
RIGHT TO ACCESS - Data controllers MUST, on request, provide the data that they hold on an individual. That individual also has the right to push back against any decisions affecting them based solely on that data.
RIGHT TO ERASURE - Customers can request that the data held on them by a data controller be deleted and that any further processing of that data cease.
DATA PORTABILITY - Individuals can retrieve their data and transfer it to another data controller. This aims to make it easier to move services.
PRIVACY BY DESIGN - It is now a legal requirement to consider data security at the very design stages of new systems, and processes must be implemented to ensure data is kept securely.
DATA PROTECTION OFFICERS - Any public companies, or those who actively include storing and processing public data, must appoint an internal Data Protection Officer.