You are no doubt aware of it, have received various emails from online retailers regarding it and have been asked to update your social media profiles concerning it, but what exactly is the new General Data Protection Regulation (GDPR) about?
James Thompson, Woods Whur’s Head of Regulatory, looks at the key aspects of the GDPR on the dawn of its implementation on 25 May 2018.
In short, the GDPR applies to both “data controllers” and “data processors”, and relates to “personal data” and “sensitive personal data”. Both terms retain the same broad definitions adopted from the Data Protection Act 1998 (DPA). The DPA too will be replaced by a new Data Protection Act, which is currently passing through Parliament.
In order to process personal data, the processing action must be a lawful act, and the issue of consent to process personal data is an important consideration.
Under GDPR, where consent is required, it must be “given, specific, informed and an unambiguous indication of the individual’s wishes”; in other words, a clear intention of the party to affirm the agreement to consent to their personal information being used. Consent cannot be implied, inferred from silence or relied on from a pre-ticked box on a form. However, don’t panic: consent is not required on all occasions. Data controllers do not require consent if the action relates to other lawful activities, such as where the processing is required to comply with a legal obligation or to take steps to enter into or perform a contract.
What is also significant is the increase in the penalties that can be handed out to non-compliant organisations. It is vital to comply with the GDPR to avoid a fine of €20 million (circa £17.5 million) or 4% of the company’s global annual turnover of the previous financial year, whichever is higher.
In addition to the above, the GDPR has made other key changes to individuals’ rights under data protection laws: it has increased the accountability placed on the data controller and given individuals a greater say in how their personal data is used.
If you are reading this and you have not yet updated your policies to comply with the GDPR or would like advice on the GDPR and how it could affect you or your business, then please get in contact with us and we will be happy to assist.
0113 234 3055