An Introduction to GDPR

The General Data Protection Regulation (GDPR) the new data protection regulation that became law across the EU since May 2018. It replaced all previous data protection regulations including Data Protection Act 1988, which was amended by the Data Protection (Amendment) Act 2003.

EU Data Protection Reform

The GDPR regulations give consumers greater control over how their personal data is captured and used by with the vision of advanced trust in the digital economy. 

Why the need for GDPR? 

There has been major advancement in technology, and with the enormous growth in the volume of consumer data used and stored by businesses across the EU since the DPA amendment in 2003.

With the increase use of social media, Google, Facebook, Twitter and LinkedIn etc. current regulations were deemed no longer fit for purpose for the digital world. 

Where does the GDPR apply? 

The new regulation covers all businesses operating in the EU.

No single state will be subject to less or more regulation than any other state, making legislation more equal.

The new regulation also applies to any personal data of EU citizens which is stored outside the EU.

Who does the GDPR apply to?

The Controller is responsible for how and why personal data is processed.

The Processor who acts on behalf of the Controller is required to maintain records of personal data and processing activities. As a new requirement under the GDPR, the Processor will have significantly more legal liability for a breach.

The GDPR places further obligations on the Controller to ensure contracts with Processors comply with the GDPR.

Penalties for non-compliance

Organisations can be fined up to 4% of annual global turnover for breaching GDPR or €20 Million.

This is the maximum fine that can be imposed for the most serious infringements e.g. not having sufficient customer consent to process data or violating the core of Privacy by Design concepts.

There is a tiered approach to fines e.g. a company can be fined 2% for not having their records in order (article 28), not notifying the supervising authority and data subject about a breach or not conducting impact assessment.

It is important to note that these rules apply to both Controllers and Processors.

Download the full article to read about three of the biggest data breaches of 2020 (so far)…….

Get the full article

The information contained within this article does in no way constitute legal advice. While we strive to keep the information up to date and correct, we make no representations or warranties of any kind, express or implied, about the completeness, accuracy, reliability, suitability, or availability with respect to the website or the information, articles, templates, or related graphics contained on the website. Any reliance you place on such information is therefore strictly at your own risk.

error: Content is protected !!