The new General Data Protection Regulation (GDPR) comes into effect on the 25th May 2018 and ushers in a new era of data protection, reflecting modern technologies, data usage and business activities.
Businesses will now need to document, be able to demonstrate and be accountable for communicating and ensuring Privacy, Fair Usage and Security of Personal Data.
Those individuals about whom you collect and use data will have new rights in addition to updated rights from previous legislation.
A significant change introduced is the scope of "Personal Data", which now encompasses any data that can identify an Individual Living Person, be that person a consumer, customer, employee, supplier or otherwise.
Put simply, businesses no longer "own" the data they collect. GDPR gives back control of Personal Data to the individuals that it belongs to, who will in turn grant businesses permission to use it for specific purposes.
For many businesses who are already compliant with The Data Protection Act 1998 and the Privacy & Electronic Communications Regulations (EC Directive) 2003, much of the GDPR will already be in place.
In addition to our own experts we partner with a number of GDPR professionals who can help you by:
Need a toolkit of Documents, Checklists, GAP Assessment, Forms and Examples to help you along on the road to GDPR compliance?
The toolkit contains template documents and checklists and entitles you to 12 months of updates and support, to help you update your policies and procedures to achieve GDPR compliance quickly.
Normally £395+vat, take advantage of our partnership with CertiKit and get 10% off by entering the code "XYNICS10" at the checkout.
At the most basic level, Personal Data is any data that can identify a Living Individual Person. Examples quoted in the legislation are: Names, Addresses, Emails, Phone Numbers, Social Media Posts, DNA, Photographs, CCTV images and Account Numbers, to name a few. Under GDPR, even a single data item such as a name can be classified as Personally Identifiable if you, or any other person, could reasonably identify that single individual.
For most, you will need to update your documentation and ensure business processes are compatible with the GDPR. A core change is the need to be able to demonstrate either a lawful reason for processing (of which there are a few), or that you have been given explicit and informed consent to process the data by the individual concerned. For each data processing activity you will need to document and demonstrate: the reason for processing, what data you collect, the necessity and relevance of that data, how long you intend to retain it in an identifiable form and the lawful basis you rely upon to collect, use, store and/or share that data. The GDPR can impact your business in almost all areas including HR, Finance, Sales, Marketing and IT. Provisions are available, however, to ensure that the GDPR does not make running your business difficult.
Individuals have had rights under the Privacy & Electronic Communications Regulations and the Data Protection Act for many years; however, most of those rights date from a time when data was largely in physical form, in card files and filing cabinets. GDPR acknowledges the digital age and extends those rights as well as introducing new ones. A few of the key changes are:
There is no disputing that it has been well publicised that under the new GDPR, the penalties for non-compliance are potentially high, up to €20 million or 4% of annual Global Turnover. Unfortunately the media and some less moral organisations might use this as a scare-tactic to draw people in. The GDPR is not meant or designed to be a noose around the necks of business. It is not designed to make doing business more difficult and, for the most part, it is not aiming to levy heavy financial penalties for non-compliance. The GDPR is designed to ensure proper control, privacy and security of the Personal Data of individuals about whom businesses collect, use, store and/or share data. The Supervisory Authorities (in the UK, the Information Commissioner) are not going to hit businesses with massive fines if they have not already received guidance on their practices, unless such practices are deemed to be so severe that any reasonable person would consider that the organisation concerned was grossly negligent in its actions or inaction.
THE PROCESSING IS NECESSARY FOR A LEGITIMATE INTEREST.
THE PROCESSING IS NECESSARY FOR A TASK CARRIED OUT IN THE PUBLIC INTEREST.
THE PROCESSING IS NECESSARY TO PROTECT THE VITAL INTERESTS OF THE INDIVIDUAL OR ANOTHER PERSON.
THE PROCESSING IS NECESSARY FOR COMPLIANCE WITH A LEGAL OBLIGATION.
THE PROCESSING IS NECESSARY FOR THE PERFORMANCE OF A CONTRACT.
THE PROCESSING IS PERFORMED WITH EXPLICIT INFORMED CONSENT FROM THE INDIVIDUAL(s)
Special Categories are defined in the legislation as personal data that reveals:
The only exception to this is where that data is made publicly available by the individual concerned.
The Data Protection Advice Hub - Coming Soon
A website being developed by Xynics in partnership with other professionals to enable the business community to share real-life Personal Data scenarios and receive guidance on how GDPR applies to them.
The Information Commissioner's Office
Many useful pages from the ICO to help businesses understand the legal framework that is GDPR.
The General Data Protection Regulation - Text
For those who are interested, this PDF document outlines all 173 Recitals and 99 Articles that make up the legislation.
This is the first of a series of workshops designed to help fellow businesses to ascertain how GDPR might affect them as well as for Xynics to gather some anonymised real-life scenarios to publish on our new Data Protection Advice Hub portal that is in development for public release by the end of November 2017.
The workshop will start with a short overview of what GDPR is and what it means.
Afterwards, there will be an open table discussion where you can present your own real-life Personal Data scenarios and receive back guidance on how the GDPR would apply to that scenario.