When does GDPR come into effect?
The GDPR will be implemented on the 25th May 2018.
What is GDPR compliance?
GDPR compliance is the act of complying with the General Data Protection Regulation.
Will Brexit affect GDPR?
No, Brexit will not affect the GDPR, as we will still need to be compliant to work with EU countries.
Will GDPR affect me personally?
Yes, if you live in the UK or the EU then GDPR affects you.
Will GDPR affect my business?
Yes, it is more than likely that GDPR will affect your business if you collect, store or process information on EU residents.
My business is based in the US; will GDPR affect us?
Yes, if you collect, store or process information on EU residents.
What are the penalties for not complying with GDPR?
The maximum penalty is 20 million Euros or 4% of your annual worldwide turnover.
How do I check if my business complies with GDPR?
First, you need to determine whether you are a Data Controller or a Data Processor; you can do this using whichever of the statements below best suits your business.
Data Controller vs Data Processor
“Controller” means the natural or legal person, public authority, agency or any other body which alone or jointly with others determines the purposes and means of the processing of personal data; where the purposes and means of processing are determined by EU or Member State laws, the controller (or the criteria for nominating the controller) may be designated by those laws.
The controller says how and why personal data is processed, and the processor acts on the controller’s behalf. GDPR places further obligations on the controller to ensure that contracts with processors comply with GDPR. A controller in one process may be a processor in another process, but not for the same process.
“Processor” means a natural or legal person, public authority, agency or any other body which processes personal data on behalf of the controller.
If you are a processor, the GDPR places specific legal obligations on you; for example, you are required to maintain records of personal data and processing activities. You will have significantly more legal liability if you are responsible for a breach. These obligations for processors are a new requirement under the GDPR.
Identify the Lawful Basis for Processing
“Consent” the data subject has given consent to the processing of his or her personal data for one or more specific purposes;
“Contract” processing is necessary for the performance of a contract to which the data subject is party or in order to take steps at the request of the data subject prior to entering into a contract;
“Compliance” processing is necessary for compliance with a legal obligation to which the controller is subject;
“Subject’s Interests” processing is necessary in order to protect the vital interests of the data subject or of another natural person;
“Public Interest” processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller;
“Legitimate Interest” processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child.
And if I don’t comply with GDPR?
Then you will need to identify where you need to make changes.