The General Data Protection Regulation (GDPR) comes into force on 25th May 2018, replacing the current DPA, which means you have 6 months to get ready.
For many, the acronym GDPR is becoming a confusing and panic-inducing concept, and many people and businesses misunderstand the real impact it is going to have upon them. GDPR is ultimately about greater transparency, enhanced rights for consumers and increased accountability for data. It gives businesses an opportunity to refine and develop their current procedures and ensure personal data is correctly protected.
Those of you who have noticed the term GDPR lingering around, but are not newly enthused experts, may have seen the scaremongering headlines regarding fines. It is true that the £500,000 limit that the DPA outlines will cease, and the new limit of £17 million or 4% of global turnover will be enforceable under the new law. However, this is the maximum fine that will be enforceable, not the typical one. These heavy fines for serious breaches reflect the importance of personal data today.
Firstly, to ensure personal data is held correctly under the new guidelines, it is important to have a comprehensive understanding of what qualifies as personal data. The term is fundamental to GDPR, and the definition given by the new guidance incorporates many more specific details than the one previously outlined by the DPA.
The definition covers any information relating to a person who can be identified, directly or indirectly, by reference to an identifier such as a name, an identification number, location data or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person.
Therefore, in many cases online identifiers, including IP addresses and cookies, will now be regarded as personal data if they can be (or are capable of being) linked back to the data subject without undue effort. There is, however, a clear distinction between personal data about individuals in their private, public or work roles.
Once you understand what constitutes personal data according to GDPR, the next stage of becoming compliant with the new regulations is to refer to the Preparing for GDPR 12 Steps document. This will ensure you are taking the correct steps to be prepared for the regulation come May 2018.