The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union. It also addresses the export of personal data outside the EU. The GDPR is likely to impact smaller companies in particular, as a recent study shows that 82% of SMEs are unaware of the new legislation and could potentially be hit with large fines when it starts being enforced from next year - 2019.
GDPR - General Data Protection Regulation, 2018
Through the GDPR, the EU recognises:
1. The right to private life as a universal human right and
2. The right to have one’s personal data safeguarded as a distinct, standalone universal human right.
It is by attaching rights to an individual's data separately from the rights attached to the individual that the EU can demand EU-grade data protection standards of businesses in other countries. The legal onus is on businesses to determine whether they fall within the GDPR's confines by asking these three simple questions:
1. Is your business based in the EU?
2. Does your company handle data concerning EU-based individuals?
3. Does your organisation do any kind of business with companies to which Questions 1 or 2 apply?
If you answered 'yes' to any of the three questions above, it is most likely that your company is within the scope of the GDPR. Unless you are confident your existing data handling procedures are already compliant with this new regulation, this means action needs to be taken now to prepare for the 2018 deadline.
There have been a lot of headlines in the press about the possibility of swingeing EU fines, and the GDPR is frequently portrayed as the new corporate villain of the piece. These fears are not entirely without foundation. A two-tier sanctions regime will apply. Breaches of the law could lead to fines of up to €20 million, or 4% of a company's global annual turnover for the preceding financial year, whichever is the greater, being levied by data watchdogs.
However, frightening rumours are not a constructive approach. The fortunate news is that correct implementation of the GDPR will not only ensure compliance and mitigate the risk of fines but, more importantly, will give conforming businesses a competitive advantage. That is why Hazard 360 Ltd encourages all companies to consider the GDPR a central plank of their business strategy.
Hazard 360 Ltd can provide your company with an Analysis, which gives a complete assessment of your current state of compliance and identifies areas in need of improvement. For further information contact firstname.lastname@example.org
What is the GDPR (General Data Protection Regulation)?
The General Data Protection Regulation (GDPR) (EU) 2016/679 is a regulation in EU law on data protection and privacy for all individuals within the European Union and the European Economic Area. It also addresses the export of personal data outside the EU and EEA. Current Data Protection law has changed as of the 25th May 2018, and organisations are required to be compliant with the new General Data Protection Regulation (GDPR).
The GDPR will replace all the existing data protection laws across Europe and shape the way in which companies handle, protect and profit from data. All businesses and not-for-profit organisations that process personal data concerning employees, customers or prospects who are in the EU and/or are EU citizens fall within its scope, wherever in the world the organisation is based and even if the data is processed outside the EU.
In other words, European data protection law will now apply worldwide, and businesses have until 25 May 2018 to prepare. Hazard 360 Ltd can help you make a smooth transition into GDPR compliance. With our assistance, you can reduce potential risks with a comprehensive GDPR approach and avoid fines, which can equal as much as two-to-four percent of your global revenue.
Who does it Affect?
The regulation must be followed by every organisation that processes personal data of European Union citizens.
The GDPR considers ‘processing’ as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The GDPR considers ‘personal data’ as any information that could be used, on its own or in conjunction with other data, to identify an individual.
What it Signifies
It means that any organisation – whether a private business or public authority – that collects, stores or shares ‘identifying’ data on European citizens will need to comply with the GDPR by May 2018.
It doesn't matter whether that organisation is located within the EU or not, whether the data processing itself takes place outside of the EU, or whether it is conducted by third parties. If you are responsible for the processing of data of EU citizens, you need to comply; it is now a legal requirement.
Remember to embed privacy into your operation
This is the only sustainable way to ensure compliance on an ongoing basis. GDPR is here and will be for the foreseeable future, even after BREXIT.
GDPR Compliance Services
Step 1: GDPR Briefing Presentation
Step 2: Carry out GDPR compliance gap analysis assessment
Step 3: Report on Gap Analysis findings
Step 4: Produce Scoping Document
Step 5: Present Quotation
Step 6: Terms and Conditions Agreed
GDPR Compliance Structure
Develop and Construct GDPR Compliance Manual - Implement GDPR Compliance Requirements
Section 1: Formulate Project Plan Elements
Section 2: GDPR Roles, Responsibilities, Awareness and Training Elements
Section 3: Personal Data Analysis Protocols Elements
Section 4: Privacy Policies and Notices
Section 5: Data Subjects Rights
Section 6: GDPR – Data Controllers and Processors
Section 7: Data Protection Impact Assessment
Section 8: International Data Transfers
Section 9: Personal Data Breach Management
Section 10: Information Security Policies