The General Data Protection Regulation (GDPR) was introduced into EU law and came into force on 25 May 2018. Along with a new Data Protection Bill, it replaces the Data Protection Act 1998; together they tighten the existing protections for data subjects, including patients, and place additional obligations on practices to demonstrate compliance with the law.
What changes does the GDPR make to the data protection directive?
Many of the old data protection rules are still relevant and have been retained in the GDPR. However, with data being such an integral part of the way we run our lives and our businesses, the GDPR makes important improvements, particularly around the issue of consent.
Data collectors are now required to explain why data is being stored and what it will be used for. Terms and conditions must be written in clear and plain language so that there is no ambiguity over the consent given, and personal data must be easily accessible to its owner.
Who has to comply with the GDPR?
The GDPR applies to all companies, in all countries, that process or hold the personal data of any EU citizen.
You do not need to be an EU-based company, have an office in the EU or even do business in the EU; if you have contacts in your CRM from the EU, this regulation impacts you.
Does the GDPR affect your business?
As long as you follow the guidelines there will be no problem and you can continue to trade as usual. Failing to abide by the new regulations, however, could mean a fine of up to €20 million or 4% of annual turnover, whichever is greater.
What are the fines for breaches of GDPR?
Yes, the maximum fines that the Information Commissioner's Office (ICO) can now issue under the GDPR in the event of a data breach can look very scary; £16 million or 4% of global turnover is not a fine any of us would like to pay, but let's look at the facts:
• The maximum fines are £16 million or 4% of global turnover, whichever is greater.
• Under the current data protection laws, the ICO can fine up to £500,000, but it has never issued this maximum fine. Even when TalkTalk suffered a huge data breach affecting hundreds of thousands of records, the ICO fined them only £400,000.
• Of the 17,300 investigations the ICO concluded in 2016, only 16 resulted in fines being issued.
Teceze, a leading provider of IT governance, risk management, and compliance solutions, is at the forefront of helping organizations address the challenges of EU GDPR compliance.
Whatever your needs, from carrying out a GDPR compliance audit to implementing an ISO 27701-compliant privacy information management system, we have a wide range of products that can help you meet your objectives.
Speak to a GDPR expert
Support your compliance project with guidance from industry experts. For more information about our products and services, and how we can help you achieve GDPR compliance, call 02080505014 or book a free consultation. Our team of experts is on hand to help you at any stage of your GDPR journey.