24 Jul 2017
Data protection and how personal data is managed are changing forever. On 25 May 2018 the new General Data Protection Regulation (GDPR) will come into force. The GDPR is a European privacy regulation replacing all existing data protection regulations.
The current data protection legislation in Ireland dates back to 1998 and 2003, predating current levels of internet usage and cloud technology, making it unsuitable for today’s digital economy.
The GDPR will apply to any personal data of EU citizens, regardless of whether it is stored within or outside the EU. Most, if not all, companies process a level of personal data, whether it is customer details or employee details, so businesses need to be aware of and plan for the new legislation.
What is Personal Data
The GDPR substantially expands the definition of personal data. Under GDPR, personal data is any information related to a person, for example a name, a photo, an email address, bank details, their personnel file, or a computer IP address.
Key Changes
Key changes introduced by the GDPR include:
Consent must be clear, distinguishable from other matters and provided in an easily accessible form, using clear and plain language. It must be as easy to withdraw consent as it is to give it.
Breach Notifications: where a breach occurs, the Data Protection Commission and affected data subjects must be notified within 72 hours of the breach coming to light.
Data Subjects will have additional rights, including:
High Penalties
Ignoring the new legislation is ill-advised as there are tough new fines for non-compliance. Companies or organisations found to be in breach of the legislation will face fines of up to 4% of annual global revenue or 20 million Euros, whichever is greater. The Data Protection Commissioner is the authority responsible for enforcing data protection obligations in Ireland. In preparation for the legislation, the Commission is doubling its workforce, leaving no doubt that it will be taking its new responsibilities extremely seriously.
To Do
If you have yet to start planning for GDPR, click here for guidance on how to prepare.