GDPR is coming! But you probably already know this. And you’ve probably heard about the scary fines that will be imposed for non-compliance. Still, many businesses are not prepared. With the legislation becoming effective on the 25th May 2018, now is the time to start taking GDPR seriously. In this article, we will tell you everything you need to know, including: what GDPR is, who will be affected, what the requirements are and why the new legislation is so important.
What is GDPR?
GDPR (General Data Protection Regulation) refers to new data protection regulations that are being rolled out across the European Union. The legislation will require businesses to protect the personal data and privacy of EU citizens. GDPR is designed to empower citizens, and to reshape the way that businesses across the EU handle data privacy.
Approved by the EU Parliament in April 2016, the new legislation will be implemented on the 25th May 2018. This means businesses have had two years to prepare and transition to the new rules. The punishment for non-compliance is serious, with a fine of up to four percent of annual global turnover or €20 million (whichever is greater). This means businesses should be doing everything they can to make sure their data policies are updated and comply with the new legislation.
What is Personal Data?
Have you ever wondered how much personal data you share? Personal data is the data that GDPR aims to protect, and it constitutes any type of information that can be used to identify a person. This includes basic identity information such as a name, photo, email address, bank details, social media posts, medical information and computer IP addresses. It also includes racial or ethnic data, political opinions or details concerning sexual orientation.
Why is Privacy So Important?
GDPR aims to give consumers ultimate control over their personal data. Data is currently changing the face of the world and personal information needs to be protected as it can be misused in several ways. Personal data can be used to influence our decisions and behaviours and can be used to exercise control over us. Importantly, protecting personal data upholds appropriate social boundaries, gives respect to individuals and promotes trust of people and organisations.
Is My Business Affected?
Your business may be a data controller or a data processor. As a data controller, your business will control the overall purpose and means of processing (why and how the data is used). If your business is a data processor, it will be limited to processing the data according to the instructions of the controller. Find out more about data processors and data controllers here.
Depending on what role your business plays, GDPR has set out specific obligations and limits to what you can do with personal data, as well as who is accountable for what. Simply put, if your business stores or processes any personal information about an EU citizen within member states of the EU then you must comply with the GDPR legislation. This still counts even if your business does not have a physical presence in the EU.
What Does This Mean for Churchill Security?
At Churchill Security, we have already put the necessary steps in place to make sure that we are GDPR compliant and are protecting our clients’ data at all costs. We have created a new ‘opt-in’ system for those who want to hear from us, meaning that those who choose to opt in will receive content from us through email.
If this sounds like something you would be interested in and you wish to hear from us in the future, opt in here.
Churchill Security is a trusted provider of professional security solutions. We supply comprehensive security packages to hospitals and other organisations in the public sector.