Data protection regulation is now obligatory.
The GDPR is Europe's new framework for data protection laws – it replaces the previous 1995 data protection directive, which current UK law is based upon
Further to agreement by officials on European General Data Protection Regulation, outdated personal data rules have been bought up to speed with the digital era. From May 25th 2018, GDPR will be enforced by data protection regulators across Europe - changing how businesses and public sector organisations are allowed to handle the information of their clients.
Within the GDPR there are large changes for the public - as well as businesses and bodies that handle personal information. GDPR legislation is designed to "harmonise" data privacy laws across Europe while also providing greater protection and rights to individuals. Anyone that is considered a 'controller' or 'processor' of personal data - a individual, organisation or company - will be affected by GDPR.
In GDPR terms, personal data broadly refers to a piece of information that is able to be used to identify someone. Sensitive data in contrast, refers to data pertaining to things like religious views, political views and sexual orientation - to provide a few examples. There is no real distinction between personal and sensitive data - both are covered by GDPR. There are 99 articles setting out the rights of individuals and the obligations placed on organisations covered by GDPR. Included in these articles are allowing people to have easier access to the data companies hold about them and a clear responsibility for organisations, to obtain the consent of people they collect information about. Importantly, a new fines regime is introduced for any breaches of GDPR by persons or entities. And non-compliance could cost companies dearly.
Companies that collect data on citizens in European Union (EU) countries will need to comply with strict new rules around protecting customer data. GDPR is expected to set a new standard for consumer rights regarding their data. However companies will be challenged as they put systems and processes in place to comply. Exagenica has in the lead up to GDPR, helped numerous organisation to come to grips with the legislation - by implement the necessary changes to ensure compliance. We assist clients to develop effective strategies and models to ensure GDPR compliance is maintained successful and any potential issues with non-compliance averted.