D-Day for data laws

Jon Hook explains the implications of GDPR

EDP Norfolk - Promotional Feature

I’m sure that most of us have heard the acronym ‘GDPR’ bandied around by now but many of us are unsure what it entails and when it becomes operative. GDPR is the General Data Protection Directive and became enforceable on May 25.

It is a regulation in EU law on data protection and the privacy of all individuals in the EU and replaces the 1995 Data Protection Directive. The new regulations involve three major entities: Data Subjects, those whose personal data is collected; those doing the actual data processing on behalf of a controller, the Data Processors; and finally those who determine the purpose and means of processing personal data, the Data Controllers.

Not only are the entities clarified in the new regulations but the concept of what is personal data is redefined. Previously, personal data was anything that could be attributable to a person but now what needs consideration is the type of personal data being handled.

This applies not only to EU businesses which collect or process the personal data of EU citizens with whom they deal but also applies to non-EU businesses which deal with EU citizens. Certain rights and responsibilities of Data Subjects arise as a consequence of GDPR which both Data Processors and Data Controllers need to be mindful of, including:

The right to data correction: Obvious enough, allowing subjects a chance to change any previously provided information.

Tighter consent requisitions: Data subjects must be informed and consulted on anything related to the processing of their personal data or ways in which the data might be used. The new rules require a positive opt-in (so no more pre-ticked boxes!).

The right to be forgotten: This gives subjects the right to erase all stored information relating to them.

The right to be informed: Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.

Privacy by default: If terms to an agreement change in any way, an additional agreement is required to which all parties agree.

Data processors and controllers have many responsibilities to consider due to the new regulations, including being held accountable for any breaches, with harsh penalties applying of up to 4% of global annual turnover or 20 million euros, whichever is the greater!

Jon Hook can be contacted at Norwich Accountancy Services on 01603 630882 or email [email protected] norwichaccountancyservices.co.uk or visit norwichaccountancyservices.co.uk

ABOVE: Data – it’s complicated...
