D-Day for data laws
Jon Hook explains the implications of GDPR
I’m sure that most of us have heard the acronym ‘GDPR’ bandied around by now but many of us are unsure what it entails and when it becomes operative. GDPR is the General Data Protection Directive and became enforceable on May 25.
It is a regulation in EU law on data protection and the privacy of all individuals in the EU and replaces the 1995 Data Protection Directive. The new regulations involve three major entities: Data Subjects, those whose personal data is collected; those doing the actual data processing on behalf of a controller, the Data Processors; and finally those who determine the purpose and means of processing personal data, the Data Controllers.
Not only are the entities clarified in the new regulations but the concept of what is personal data is redefined. Previously, personal data was anything that could be attributable to a person but now what needs consideration is the type of personal data being handled.
This applies not only to EU businesses which collect or process the personal data of EU citizens with whom they deal but also applies to non-EU businesses which deal with EU citizens.
Certain rights and responsibilities of Data Subjects arise as a consequence of GDPR which both Data Processors and Data Controllers need to be mindful of, including:
The right to data correction: Obvious enough, allowing subjects a chance to change any previously provided information.
Tighter consent requisitions: Data subjects must be informed and consulted on anything related to the processing of their personal data or ways in which the data might be used. The new rules require a positive opt-in (so no more pre-ticked boxes!).
The right to be forgotten: This gives subjects the right to erase all stored information relating to them.
The right to be informed: Individuals have the right to be informed about the collection and use of their personal data. This is a key transparency requirement under the GDPR.
Privacy by default: If terms to an agreement change in any way an additional agreement is required to which all parties agree.
Data processors and controllers have many responsibilities to consider due to the new regulations including being held accountable for any breaches with harsh penalties applying of up to 4% of global annual turnover or 20 million euros, whichever is the greater!
Jon Hook can be contacted at Norwich Accountancy Services on 01603 630882 or email [email protected] norwichaccountancyservices.co.uk or visit norwichaccountancyservices.co.uk
ABOVE: Data – it’s complicated...