Author Topic: GDPR  (Read 5945 times)

0 Members and 1 Guest are viewing this topic.

norman

  • Administrator
  • Sr. Member
  • *****
  • Posts: 272
    • View Profile
    • Zipzap Computers Limited
GDPR
« on: March 16, 2018, 04:19:11 pm »
The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was finally approved by the EU Parliament on 14 April 2016. It strengthens the law on holding personal data. It applies throughout the EU including the UK (even after Brexit).

To sum it up in a few words - you are responsible for the security and accuracy of any personal data that you hold and are to treat it responsibly. If anything goes wrong then you must inform of the problem within 72 hours to your Supervisory Authority. There are simply no excuses for failing to comply with the Regulations.

There is a notable change from having to Opt Out of communications to now having to Opt In. The requirement to respond to a request for a copy of personal data is reduced to 30 days. There is also a requirement to 'forget' an individual and remove all traces from your systems.

It is important to realise that if you store data on a third party computer which is not under your direct control, such as on the web, then you are still responsible if anything goes wrong.

The Enforcement date is 25 May 2018.

This law is being implemented in the UK so you MUST conform to it even after Brexit and it will be a requirement when working with EU customers. There is a maximum penalty of ?20,000,000 or 4% of turnover for breaches.

The homepage for the EU legislation is at https://www.eugdpr.org

The page on the Information Commissioners Office relating to this is at https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/

As a company we only store a limited amount of personal data, usually only a contact name, address, phone number and email address. Our Supervisory Authority is the Information Commissioners Office at https://ico.org.uk

Norman
 ;)