HeX-plaining General Data Protection Regulations (GDPR)
Our Digital Marketing Executive, Ben, simplifies GDPR and supplies you with everything you need to know about it
Welcome to the first of our HeX-planations series of blogs, where we’ll be explaining everything from user-centric design to accessibility, in ways that are understandable and without any jargon.
Today our Digital Marketing and PR Executive, Ben, describes the new European General Data Protection Regulations.
Currently, the EU and all businesses that operate in the European Union are governed under the Data Protection Directive (DPD). This Directive covers each sector from agriculture to manufacturing to professional services – if data is collected and you’re operating in Europe, this is the law you’ve got to be aware of.
The downside to this directive is that it was written in 1995. Although it has been amended over the years, that does not change the fact that when it was written there were significantly fewer ways of gathering data and transferring it internationally, and only 20% of households had a home computer. GDPR has been created to update the laws and bring them into the here and now.
As I mentioned briefly above, the DPD regulates all businesses that operate or have a server in the EU. However, the brand-new GDPR laws coming into force on 25th May 2018 mean that businesses who do the following will need to follow the regulations set out by the GDPR:
And if you think you don’t need to be concerned about GDPR thanks to Brexit, you’d be mistaken. Even if one EU citizen visits your website in a year, you’ll still need to be GDPR compliant; the same applies if you sell one product to anyone in the EU. Essentially, there may be ways to avoid compliance once we leave the European Union, but you have to ask yourself if the risk is worth it…and it’s probably not.
Many have called the fines and sanctions that are being brought into place unfair. Currently, the fines for serious data breaches equate to £20 million or 4% of a business’s annual global turnover – whichever is higher!
Similarly, it gives increased power to the Data Protection Authority, which will have the power to enter any business and demand to see the way it processes data, along with any supporting information. They can impose severe sanctions should they discover your processes are not living up to the standards laid out in GDPR. These sanctions could include notices, reprimands or an outright ban on sending or collecting data at all.
However, if an organisation is ‘making steps towards becoming compliant’ then the Information Commissioner’s Office (the body in charge of the regulation of data in the UK) has said that it ‘will work with the organisation to make further steps to becoming compliant.’ So as long as you are making a conscious effort to get GDPR compliant, you don’t need to panic.
If you want help towards becoming GDPR compliant, we can work with you to get there. Just get in touch with us.