The current data protection system in practice in UK, Data Protection Act 1998, is soon going to be replaced by the new EU GDPR – General Data Protection Regulation. It is a new framework for data protection laws in Europe.
It has been in discussed over the last four years; however, it will finally come into practice on May 25, 2018. GDPR took two years to prepare for its publication in May 2016 in the EU Official Journey. Therefore, organisations have had ample time to prepare themselves to embrace the changes this new system will bring along with it.
What is GDPR?
Information Commission Office – ICO has made it mandatory for the companies that collect EU citizens data to comply with new rules that relate to protecting consumer data. GDPR is basically a new standard for consumer rights, which will protect their data.
Impact of GDPR on Business Entities
EU GDPR, after its implementation, will have different impacts on the different organisation, depending on their data protection methods. Moreover, it will be necessary for every company that stores data related to EU citizens to follow GDPR information security management system irrespective of the fact that they operate a business within EU boundaries or not. If they are processing personal information about citizens of EU, they will have to comply with GDPR. Companies that fall into below-mentioned categories will be required to comply with GDPR.
- The company exists in any of the European Union countries.
- The company stores data related to citizens of EU, even if it doesn’t exist in the EU.
- The company that monitor the behaviour of individuals of EU, where that behaviour takes place in the EU
How to Get Started with GDPR?
ICO has created a guide, which includes 12 steps, to prepare business entities for the start of this new data protection system.
Some of the steps that are laid down by the ICO include:
- Senior business leaders should be made aware of the new regulations.
- Updating the existing procedures that relate to accessing requests from consumers to obtain information.
- Deciding the information that should be held or not.
- Consequences in case of a data breach.
For assistance of small business entities to implement GDPR procedures, a phone service will be created by ICO. This service is slated to begin in November 2017.
Data Protection Officer
One of the more interesting requirements set by GDPR is the appointment of a data protection officer. However, not all companies in the EU will be required to appoint a DPO. The person filling the post of a DPO will hold the responsibility of managing and supervising data protection strategy. Moreover, they will also ensure implementation of the strategies as per the regulations and requirements in GDPR. You can read more about the requirement for appointing a DPO in this blog article.