Are You GDPR Ready?

Tribes Research 23rd February 2018
On 25 May 2018, the General Data Protection Regulation (GDPR) will be enforced across Europe, including the UK. The law aims to give citizens greater control over their data, whilst also ensuring the security of their personal data in terms of how it is processed and stored. Here are five key updates… are you ready?
(For the full provisions, you can visit…
Increased Territorial Scope
GDPR’s extended jurisdiction applies to all companies processing personal data of data subjects residing in the Union. Importantly, this is regardless of the company’s actual location! GDPR will apply to the processing of personal data by controllers and processors in the EU, regardless of whether the processing takes place in the EU or not.
Penalties
The maximum fine will be up to 4% of the annual global turnover of a company, or EUR 20 million (whichever is greater). There is a tiered approach to fines and they apply to both controllers and processors of personal data. It is important to note that ‘clouds’ will not be exempt and you could end up bearing the brunt of any related penalties!
Consent
Consent will be considered as “an organic, ongoing and actively managed choice, and not simply a one-off compliance box to tick and file away” (ICO). A request for consent must be easy to understand, unambiguous and easily accessible. Consent must be “opt in” only! Clear and plain language must be used and it must be as easy for an individual to withdraw consent as it is to give consent.
Data Subject Rights
GDPR gives increased rights to individuals in respect of the personal data that organisations hold about them. This includes: the right to access copies of information; the right to object to processing; the right to prevent processing; the right to object to decisions taken by automated means; the right to rectify, block, erase or destroy inaccurate personal data; and a right to claim compensation for a breach of the Act.
Privacy by Design and by Default
Privacy can no longer be bolted on as an after-thought (or indeed ignored altogether!). Privacy must be at the forefront of any business/project. Internal processes and procedures to address these requirements must be implemented in accordance with GDPR.