Firstly, a little caveat:
Everything in this series of posts (10 in all) has been studied and interpreted by me. I have used reputable sources for my information and, to the best of my ability, translated it into an easy-to-digest format. This guide does not promise to be either a full synopsis or a full interpretation of the GDPR. Indeed, I have simply taken the aspects of the GDPR I feel are most relevant to the small business owner.
GDPR in a nutshell
- The GDPR (General Data Protection Regulation) is also known as Regulation (EU) 2016/679
- The GDPR was adopted in 2016 and will come into effect on 25 May 2018
- The GDPR will replace the EU Data Protection Directive (Directive 95/46/EC) of 1995 and the UK Data Protection Act of 1998
- Any organisation that processes EU personal data will be governed by the GDPR
- The GDPR is a regulation that will define how organisations collect, store and process data about data subjects (natural persons)
- The GDPR will govern all businesses within the EEA (EU, Iceland, Liechtenstein and Norway) but will also apply to businesses outside of the EEA
- It is your responsibility to ensure that you comply with the GDPR
- Hefty fines are being set for non-compliance
- It’s easier than you think to become compliant – the trick is to start now!
What is the GDPR?
GDPR stands for General Data Protection Regulation. It makes up the second part of the General Protection Reform Package. The first part is the Police and Criminal Justice Data Protection Directive of the European Parliament and of the Council.
However, the GDPR is a regulation, meaning that it will become binding and directly applicable in all EEA Member States from the 25th of May 2018 without the need for implementing national legislation.
Further in-depth information on the GDPR is provided in my comprehensive Guide to GDPR.
Why change the current DPD system?
In line with the worldwide increase in communication, data storage and data manipulation, it is time to transpose the current DP directive into a more robust, legally binding regulation. This will provide greater accountability and will require ANY entity operating in the EU, or dealing with the personal data of people within the EU, to demonstrate compliance.
- Higher fines (up to 4% of total worldwide turnover) for non-compliance
- Robust security requirements
- Widened definition of personal data
- New obligations for Data Processors
- New and enhanced rights for individuals
- Compulsory data breach notification
- New obligations in respect of children’s data
The GDPR effectively transfers the control to the data subject (natural person). A more robust and lawful regulation will help us sleep better at night, n’est-ce pas?
The benefit to you is the extra confidence your clients will have in your business: the knowledge that their private data will be respected and controlled in a way that will benefit them.
History of the GDPR
The GDPR of the European Parliament and of the Council will replace the existing Data Protection Directive (DPD) of 1995.
This will affect all state and private entities dealing with ANY kind of data gathering, processing, controlling and storage.
This means that it will 100% affect your business if you deal with ANY data gathered from ANYONE living within the EU, regardless of WHERE your business is located and regardless of the country under whose laws your business is governed at a legal or fiscal level.
If you would like further in-depth information on the GDPR please feel free to download my comprehensive Guide to GDPR. You will also receive limited follow-up support and gain access to a DATA AUDIT WORKBOOK, a CONSENT CHECKLIST and a GDPR CHECKLIST.
Next up is GDPR Part 2 – Your Personal Rights