It is extremely important for all businesses dealing with any kind of personal data to be GDPR compliant, and in order to be compliant you need to know what is required of you. That is why we have set out all the basic regulations that you need to be compliant with.
These regulations will apply to all EU citizens, so even if your company is not based in the EU, these rules and regulations will apply to your company with regard to the data of customers who are in the EU.
Gaining consent is a large part of becoming GDPR compliant. You must gain the consent of an individual to store their data in your database, as well as gaining consent to use their data for any marketing purposes.
You may have heard of the “opt-in” when it comes to companies gaining consent for email marketing and newsletters. This is one way of gaining an individual’s consent to use their email address.
Breaches in Security
If your company suffers a security breach, especially one involving the personal data of customers or employees, you must notify the Supervisory Authority within 72 hours of discovering the breach. You do not have to report it if it is unlikely to result in a risk to the rights and freedoms of individuals.
Individuals have the right to access their own personal data, and when requested you must provide an electronic copy of the data you hold for that individual. You must also be able to state which of this data your organisation is processing, where it is stored and why you hold it.
When an individual requests that you delete their data, you must do so and also stop sharing it with any third-party organisations. These third parties must then also stop processing the data. This is the individual’s right to be forgotten.
Each individual has the right to transmit their data, so all of the data you hold must be available in a ‘commonly used and machine-readable format’ so that it is compatible with other data controllers. If requested, the data must be provided to the individual in this format.
All organisations must now consider privacy at initial design stages and throughout the process of creating new products, processes and services that involve the processing of personal data. Security must be built into these at the first design stage.
Data Protection Officer
This does not apply to all organisations, only those “whose core activities consist of processing operations which require regular and systematic monitoring of data subjects on a large scale or of special categories of data or data relating to criminal convictions and offences.”
These companies will need to appoint a data protection officer from among their data controllers and processors.
When is the deadline and what happens post Brexit?
The deadline for your company to be completely GDPR compliant is 25th May 2018. You must meet all of these requirements by this date.
Post Brexit, the UK will still be using the GDPR regulations and will look to create its own piece of UK legislation that mirrors the regulations set out by GDPR. In short, GDPR will still apply even after we leave the EU.
WNW are not GDPR professionals, however we will do our best to help with any questions you may have about this topic or we will be able to direct you to an expert in this field.