GDPR Simplified

The European Union’s new General Data Protection Regulation (GDPR) is the biggest change in data protection laws in 20 years, effectively replacing the Data Protection Act of 1998. There is a lot of confusion around GDPR and so the purpose of this article is to try to convey its principles as simply as possible, concluding with a call to action.

In modern society, through our use of websites, applications, social media and much more, we all have what I like to call a ‘digital DNA’. This DNA is made up of all our personal and big data, which allows organisations to identify us or create a digital profile of us. GDPR has been designed to strengthen individual privacy and give citizens back the power over how their data is used and processed.

GDPR Quick-fire

  • It comes into effect on May 25th 2018
  • It is relevant if you hold any personal data of persons in Europe (so no, Brexit won’t affect your need for compliance)
  • Applies to controllers and processors
    • Controllers – determine how and why personal data is processed
    • Processors – act on behalf of the controller
  • What is personal data? – Anything that can identify an individual – e.g. one or more factors specific to the online, physical, physiological, genetic, mental, economic, cultural or social identity of that person
  • One of the most significant changes is the accountability principle – GDPR requires you to show HOW you comply with the principles – for example by documenting the decisions you take about a processing activity and by appointing a Data Protection Officer (DPO)

Some of the key areas to consider are:

  • Lawful processing – you must identify a legal basis before processing personal data
  • Consent – you must obtain a freely given, unambiguous indication of the individual’s consent without pre-ticked boxes, abide by the right to be forgotten, gain consent for data use from third parties and also for all children’s data
  • Individuals’ rights – individuals have the following rights: to be informed, to access, rectify and erase, to restrict and object
  • Data transfer restrictions – personal data cannot be transferred outside the EU without the necessary provisions in place, e.g. evidence of compliance, contracts, clauses, guarantees

The Challenge For You

  • Compliance
    • Ensuring sufficient policies and processes are in place
    • Training and awareness of your staff in GDPR requirements and compliance
    • Creating a roadmap for change
  • Time
    • You have to be ready by May 25th 2018
  • Non-compliance Penalty
    • Up to 20m euros or 4% of global turnover

Accordant’s Solution

Accordant’s solution will give you clarity and peace of mind. We will undertake a rapid yet comprehensive assessment of your organisation with regard to GDPR and then provide a detailed report highlighting any elements that will need to change for you to comply. We keep it to plain English, avoiding ambiguous terms or jargon, and will create a roadmap of actionable next steps, so you know exactly what to do.

Call to Action

If you’re ready to ensure compliance with GDPR, and would like to benefit from the clarity and peace of mind that Accordant’s GDPR assessment will bring, visit our webpage (linked below). Here you’ll also find a link to complete a free GDPR quick quiz, which helps give a brief overview of your current compliance and how GDPR applies to you:

Contact me on any of the following for setting up a no-obligation initial consultation, or for more information:

 
