WHAT IS GDPR

On May 25th, 2018, the EU’s General Data Protection Regulation (GDPR) became enforceable. It forms the basis of the rules that we use in the UK's Data Protection Act 2018.

All companies now have to consider how they process and store data. The aim of the General Data Protection Regulation is to reinforce the data protection rights of individuals, facilitate the free flow of personal data in the digital single market and reduce administrative burden.

The ICO (Information Commissioner's Office) is the Government organisation that enforces the Data Protection Act. Find nine simple steps to guide you through the GDPR rules; this page aims to share information and workflows to support your reviews and planning.

Awareness: There have been rules in place to protect consumers since the Data Protection Act 2018. The key points to review in the rules are

Reinforce the Rights of the Individual

Defined as a “natural person”, individuals have data rights.

The information on the regulation can be found in the rule book

11 chapters – 99 Articles

Non-Compliance Higher Level Fines: Article 83

The ICO have made the point in recent communications that GDPR is not just about fines; companies need to review and understand how they process and gain specific consent for the use of an individual’s data.

The higher sanctions (up to 20 million euros or 4% of global turnover) relate to

The questions companies should therefore consider are

Data Protection by Design

The implementation of appropriate technical and organisational measures to show you have considered the integration of data protection into your processing activities

You need to have an understanding of the

Protection by Design: Data Transparency

Information you hold: Practical Data Audit

Where are your data sources?

If you process high volumes of sensitive data, there is a legal requirement to document the data you hold and to carry out and confirm a Data Protection Impact Assessment.

Data Protection Officer (DPO)

What does a Data Protection Officer do?

Appointing a DPO:

DPO: review Data Controller or Data Processor - Contracts

An audit will be required for contracts with third-party processors to assess the compliant and lawful processing and storage of data.

Controllers and processors equally responsible