
GRISCHKE SOLUTIONS

Website and Software Development | IT | Office


Data protection law is changing – you need to act now

22nd December 2017 By Maciek Grischke

What is GDPR?

Currently, the UK relies on the Data Protection Act 1998, which was enacted following the 1995 EU Data Protection Directive, but this will be replaced by the new legislation. The GDPR is the EU's new framework for data protection law. It took 4 years to write through international consultations, was finished in May 2016 and is enforceable from 25th May 2018. It introduces tougher fines for non-compliance and breaches, and gives people more say over what companies can do with their data. It also makes data protection rules more or less identical throughout the EU. In theory, this law applies not only to EU members but to all countries that exchange information with the EU. British ministers have confirmed that the UK will be complying.

Who does it apply to?

GDPR will apply to any individual, organisation and company that is either controlling or processing personal information that can be used to identify a person, such as name, address, IP address and even things like your religious and political views, sexual orientation, medical history and more. If you are currently subject to the Data Protection Act, it is likely that you will also be subject to the GDPR.


So what's new in GDPR?

The 99 GDPR articles outline the rights of individuals and the obligations placed on organisations covered by the regulation. These include easier access for people to the data companies hold about them, a new fines structure and a clear responsibility for organisations to obtain the consent of the people they collect information about. Whilst most organisations deem GDPR a good move, small companies and startups will struggle to go through all the formalities, as no information has been passed on to them. Only 6 months remain before the GDPR becomes a reality, and if you've never heard of it, you're not alone.

Serious Data Management

Companies covered by the GDPR will be more accountable for their management of people's personal information. This will include having totally new policies, data protection impact assessments and relevant procedures on how data is processed, whether it's electronic or a hard copy. There have been a number of data breaches in the last year or so. On average it takes 350 days for a company to learn that it has either been hacked or that its data has leaked. It takes another 80 days for an organisation to actually find out what data has been compromised. Companies are blackmailed by hackers who demand Bitcoin payments and threaten to make all the information public. Recently, Uber confirmed that its database was hacked over a year ago and that it paid hackers not to release stolen information to the public.

Under GDPR, the "destruction, loss, alteration, unauthorized disclosure of, or access to" people's data has to be reported within 72 hours to a country's data protection regulator (in the case of the UK, the Information Commissioner's Office). The consequences could be detrimental to the business responsible, depending on the financial, confidentiality or reputational impact.

Organisations with 250 or more employees have to document why people's information is being collected and processed, what information is held, how long it's being kept for and the technical security measures in place. Companies that have "regular and systematic monitoring" of individuals at a large scale have to employ a data protection officer. This may mean hiring a new member of staff, but some organisations may already have people in this role.

Individuals' rights

Apart from all the new obligations that organisations have to meet, the GDPR also gives individuals a lot more power to access the information that is held about them. Businesses and public bodies are currently allowed to charge for information access requests made by individuals. Under GDPR this will no longer be the case. Companies will have to provide any information about an individual for free, and the requests will have to be fulfilled within a month.

Individuals will be able to request that their information is erased in most situations, with some exceptions that will still apply. Businesses will have to be clear about why and for how long they need to keep your personal information.

GDPR fines

Organisations that fail to comply face the power of regulators to fine them. Mishandling personal information or lacking a data protection officer will lead to a potentially heavy fine of up to €20,000,000 or 2% of global turnover, and in some cases up to €40,000,000 or 4% of the company's revenue, whichever is greater. The maximum penalty issued by the ICO is £500,000.

Filed Under: News
