The GDPR deadline has passed, are you GDPR ready?
We all know that GDPR comes into effect on 25th May 2018, but did you know that it was finally approved by the EU Parliament on 14th April 2016?
Effectively, we’ve had over two years to implement GDPR in our businesses, but for most of us it only recently came to light, and now time is quickly running out to implement it.
What exactly is GDPR?
The General Data Protection Regulation (GDPR) standardises the data protection law across all 28 EU countries and imposes strict new rules on controlling and processing personally identifiable information.
GDPR applies to all organisations holding and processing personal data of EU residents, regardless of geographic location, and the regulation will be implemented in all local privacy laws across the entire EU and EEA region.
It will apply to all companies selling to and storing personal information about citizens in Europe, including companies on other continents.
It provides citizens of the EU and EEA with greater control over their personal data and assurances that their information is being securely protected across Europe.
Under the GDPR, individuals will now have:
- The right to access – this means that you have the right to request access to your personal data and to ask how this data is used by the company after it has been gathered. The company must provide a copy of the personal data held on you, free of charge and in electronic format if requested.
- The right to have your information removed – if you are no longer a customer, or if you withdraw your consent from a company to use your personal data, then you now have the right to have your data deleted.
- The right to data portability – you have a right to transfer your data from one service provider to another, and the transfer must happen in a commonly used, machine-readable format.
- The right to be informed – this covers any gathering of data by companies, and you must be informed before data is gathered. You have to opt in for your data to be gathered, and consent must be freely given rather than implied.
- The right to have information corrected – this ensures that you can have your data updated if it is out of date, incomplete or incorrect.
- The right to restrict processing – you can request that your data is not used for processing, which means your record can remain in place, but not be used.
- The right to object – this includes the right to have companies stop processing your data for direct marketing. There are no exemptions to this rule, and any processing must stop as soon as the request is received. In addition, this right must be made clear to you at the very start of any communication.
- The right to be notified – if there has been a data breach which compromises your personal data, then you have a right to be informed within 72 hours of first having become aware of the breach.
How we can help you with GDPR Compliance.
We have written a Knowledge Base article called ‘Writing Your GDPR Policy’ for our customers that will help you to understand what GDPR means to your business. We have also produced a free WDUK GDPR policy template, which is available to our customers on request.